
Newsletter 4.3 SQL Injection Vulnerability

Author: Black Worm, Published: 03-06-2015
Exploit Title : Newsletter 4.3 SQL Injection Vulnerability

Exploit Author : Black Worm

Vendor Homepage: www.conpresso.de - www.conpresso4.de

Google Dork ONE: intext:Module Newsletter 4.3

Google Dork TWO: Module Newsletter 4.3 by www.conpresso4.de

Date : 2015-05-29

Tested On : Windows Se7en

Link Software : http://www.conpresso4.de/_data/cpo4_mod_newsletter_4.3e.zip

[-][-][-][-][-][-][-][-][-][-] DESCRIPTION [-][-][-][-][-][-][-][-][-][-]

Newsletter Module SQL Injection Vulnerability
Researched by Black Worm

[-][-][-][-][-][-][-][-][-][-] Location [-][-][-][-][-][-][-][-][-][-][-]

http://localhost/[path]/mod_newsletter/preview.php?action=preview&nr=( SQL )

[-][-][-][-][-][-][-][-][-] Vulnerability CODE [-][-][-][-][-][-][-][-][-]

======= includes/inc_preview.inc.php ========

<?php
if (!defined('CPO')) exit;

// Only numeric values for nr reach the query below.
if (!is_numeric($_GET['nr'])) exit;

$query = "SELECT commentary, verfallsdatum, templates_id, nr, idx,
email, autor, pub_datum, titel, initial, freigabe "
."FROM ".CPO_NEWS." "
."WHERE nr=".(int)$_GET['nr']." ";

DEBUG(2, $query, __FILE__, __LINE__);
$db = new DB;
$db->query($query);

// Copy the selected row's columns into the variables used by inc_output.inc.php.
$db->next_record();
$db_template = $db->v('templates_id');
$db_nr = $db->v('nr');
$db_idx = $db->v('idx');
$db_email = $db->v('email');
$db_autor = $db->v('autor');
$db_pub_datum = $db->v('pub_datum');
$db_verfallsdatum = $db->v('verfallsdatum');
$db_commentary = $db->v('commentary');
$db_titel = $db->v('titel');
$db_initial = $db->v('initial');
$db_freigabe = $db->v('freigabe');

$pagetype = 'detail';
require(CPO_BASEDIR.$activeModules[$directory]['directory'].'/includes/inc_output.inc.php');
?>
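As an added example (not part of this advisory and not ConPresso code), a small Python detector that scans Apache-style access-log lines for requests to the preview.php location above whose nr parameter is not a plain integer, which is the only kind of value the is_numeric()/(int) guard in the code above would ever have to deal with. The log lines, client addresses and CMS path are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Request path of the module's preview script named in the advisory.
PREVIEW_RE = re.compile(r"/mod_newsletter/preview\.php$")
# Stricter than PHP's is_numeric(): only an optional sign followed by digits.
# Anything else (quotes, spaces, letters, even floats) is worth a look.
INT_RE = re.compile(r"^-?\d+$")
# Common Log Format: client ident user [time] "METHOD URL PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Constructed sample log lines (addresses from the documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2015:10:00:01 +0000] "GET /cms/mod_newsletter/preview.php?action=preview&nr=12 HTTP/1.1" 200 4321',
    '192.0.2.10 - - [29/May/2015:10:00:05 +0000] "GET /cms/mod_newsletter/preview.php?action=preview&nr=12%27 HTTP/1.1" 200 4321',
    '198.51.100.7 - - [29/May/2015:10:01:00 +0000] "GET /cms/index.php HTTP/1.1" 200 1200',
    '198.51.100.7 - - [29/May/2015:10:01:09 +0000] "GET /cms/mod_newsletter/preview.php?action=preview&nr=abc HTTP/1.1" 500 0',
]


def is_suspicious_nr(url):
    """True when the URL targets preview.php and carries a non-integer nr value."""
    parsed = urlparse(url)
    if not PREVIEW_RE.search(parsed.path):
        return False
    # parse_qs percent-decodes values, so nr=12%27 is inspected as 12'
    params = parse_qs(parsed.query, keep_blank_values=True)
    return any(not INT_RE.match(v.strip()) for v in params.get("nr", []))


def scan_log(lines):
    """Return (client, timestamp, url) for every suspicious request in the lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, ts, _method, url, _status, _size = m.groups()
        if is_suspicious_nr(url):
            hits.append((client, ts, url))
    return hits


if __name__ == "__main__":
    for client, ts, url in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} {url}")
```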


[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

Greetz : Albania
Attacker/BlackWorm/Dr.T3rr0r/DarkShadow-TN/Dr.AFN[D]ENA/XGHoSTn//ReSCooL1337/Sys Ghost//M4XS4L1M1/AnoaGhost/Slim El/Virus Noir/GH0STNY/Ayman El/Mr.R00t2_404
