From: mousehack <mousehack_(at)_gmail.com>
Date: 02.11.2005
Subject: News2Net SQL Injection

DATE
=====
01/11/2005

AFFECTED PRODUCTS
=================
News2Net
http://www.bemoore.com

OVERVIEW
========
The News2Net system is a powerful Newspaper, Magazine and Newsletter
publication manager with the following features:
- Upload a whole newspaper in seconds.
- Add and Edit content as if you were using a word processor.
- Generate revenue using the advertisement manager and the
  subscription modules.
- Newspaper layout and look and feel are fully customisable using
  HTML templates.
- Attach images to articles with ease.
- Compose complete edition and then when you are happy, publish it.

POC
===
http://[Host]/[path]/index.php?category=[SQL]

IMPACT
========
An unauthenticated attacker may execute arbitrary SQL statements on
the vulnerable system. This may compromise the integrity of the
database and expose sensitive information.


Solution:
=========
1. Vendor Not Contacted

Credits
=======
Mousehack@gmail.com
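
The advisory lists no vendor fix, so reviewing web server access logs for
unexpected values in the category parameter of index.php is one way to spot
probing. The script below is an added example, not part of the original
advisory or of News2Net. It assumes combined-format access logs and that
legitimate category values are short alphanumeric tokens; the function name
and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate category values are short alphanumeric tokens.
SAFE_CATEGORY = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_category_requests(log_lines):
    """Return (line_number, decoded_value) for each index.php request whose
    category parameter falls outside the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        target = urlsplit(match.group(1))
        if not target.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("category", []):
            if not SAFE_CATEGORY.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Nov/2005:10:00:01 +0000] "GET /news/index.php?category=sports HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Nov/2005:10:00:07 +0000] "GET /news/index.php?category=1%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [02/Nov/2005:10:00:09 +0000] "GET /news/index.php?category=1+UNION+SELECT+1 HTTP/1.1" 200 498',
    '192.0.2.10 - - [02/Nov/2005:10:00:15 +0000] "GET /news/article.php?id=7 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [02/Nov/2005:10:00:20 +0000] "GET /news/index.php?edition=3&category=12 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, value in suspicious_category_requests(SAMPLE_LOG):
        print(f"line {number}: category={value!r}")
```

The allow-list also flags an empty category value; adjust the pattern if the
deployment uses a different value format.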
