Description - Authentication Bypass and SQL Injection in MD News
Multiple vulnerabilities were found in the MD News script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. SQL Injection.
Vulnerable script: admin.php
The id parameter is not properly sanitized before being used in an SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
2. Authentication Bypass.
The "Administration Area" script has no authentication at all. Any user can access the administrator's area; they only need to know the script name.
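Since no vendor fix is listed, the following added sketch (not MD News source code) shows how an admin handler can close both issues described above: a session check in front of the administration area, and strict validation plus a bound parameter for id. The table and column names, the `is_admin` session key and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not MD News code. The news table, its columns and the
// 'is_admin' session key are assumptions made for this sketch.

// Gate for the administration area: knowing the script name is not enough.
function is_admin_session(array $session): bool {
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

// Accept only a plain positive decimal integer for id; reject everything else.
function parse_id($raw): ?int {
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// The id reaches the database as a bound parameter, never as SQL text.
function fetch_news(PDO $db, int $id): ?array {
    $stmt = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns [HTTP status, body]; authentication is checked before any query runs.
function handle_admin_request(PDO $db, array $session, array $query): array {
    if (!is_admin_session($session)) {
        return [403, 'Forbidden'];
    }
    $id = parse_id($query['id'] ?? null);
    if ($id === null) {
        return [400, 'Invalid id'];
    }
    $row = fetch_news($db, $id);
    return $row === null ? [404, 'Not found'] : [200, $row['title']];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news VALUES (1, 'First post')");
print_r(handle_admin_request($db, [], ['id' => '1']));
print_r(handle_admin_request($db, ['is_admin' => true], ['id' => '1 OR 1=1']));
print_r(handle_admin_request($db, ['is_admin' => true], ['id' => '1']));
```

In a real deployment the `$session` array would be `$_SESSION` populated by a login flow, and `$query` would be `$_GET`.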


