SQL Injection Vulnerability in AZNEWS
- SQL Injection Vulnerability in AZNEWS
- Last Update
- 2006.05.09 Exploitation code published
- Risk Level
- SQL Injection
- Unpatched. No reply from developer(s)
- Vulnerable Software
- AZNEWS (http://zoerb.net/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in AZNEWS (http://zoerb.net/) script.SQL Injection.
Vulnerable script: news.php
Parameter ID is not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
PoC/Exploit1. SQL Injection Example.
Solution for "SQL Injection Vulnerability in AZNEWS" is not available. Check vendor's website for updates.
Order Source Code Analysis made by eVuln
Protect against hacker attacks by source code analysis of your website made by eVuln team.The work will be done by specialists in website security.