[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Exploit Title : Newsletter 4.3 SQL Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage: www.conpresso.de - www.conpresso4.de
Google Dork ONE: intext:Module Newsletter 4.3
Google Dork TWO: Module Newsletter 4.3 by www.conpresso4.de
Date : 2015-05-21
Tested On : Kali Linux + Windows 7
Link Software : http://www.conpresso4.de/_data/cpo4_mod_newsletter_4.3e.zip
[-][-][-][-][-][-][-][-][-][-] DESCRIPTION [-][-][-][-][-][-][-][-][-][-]
Newsletter Module SQL Injection Vulnerability
Researched by Ashiyane Security Researcher Team
[-][-][-][-][-][-][-][-][-][-] Location [-][-][-][-][-][-][-][-][-][-][-]
http://localhost/[path]/mod_newsletter/preview.php?action=preview&nr=( SQL )
[-][-][-][-][-][-][-][-][-] Vulnerability CODE [-][-][-][-][-][-][-][-][-]
======= includes/inc_preview.inc.php ========
<?php
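// Refuse direct access: the file must be included by the CMS.
if (!defined('CPO')) exit;
// Stop unless the nr request parameter passes is_numeric().
if (!is_numeric($_GET['nr'])) exit;
// Build the lookup by string concatenation; nr is cast to int before it is
// appended to the query text.
$query = "SELECT commentary, verfallsdatum, templates_id, nr, idx, "
        ."email, autor, pub_datum, titel, initial, freigabe "
        ."FROM ".CPO_NEWS." "
        ."WHERE nr=".(int)$_GET['nr']." ";
DEBUG(2, $query, __FILE__, __LINE__);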
$db = new DB;
$db->query($query);
$db->next_record();
$db_template = $db->v('templates_id');
$db_nr = $db->v('nr');
$db_idx = $db->v('idx');
$db_email = $db->v('email');
$db_autor = $db->v('autor');
$db_pub_datum = $db->v('pub_datum');
$db_verfallsdatum = $db->v('verfallsdatum');
$db_commentary = $db->v('commentary');
$db_titel = $db->v('titel');
$db_initial = $db->v('initial');
$db_freigabe = $db->v('freigabe');
$pagetype = 'detail';
require(CPO_BASEDIR.$activeModules[$directory]['directory'].'/includes/inc_output.inc.php');
?>
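A parameterized form of the nr lookup above, as an added example (not ConPresso code and not part of the original advisory). It assumes PDO with an in-memory SQLite table named demo_news standing in for CPO_NEWS; parse_nr() and fetch_news() are hypothetical names. Unlike is_numeric(), the validator rejects forms such as "1e3", "1.5" and " 1".

```php
<?php
// Added example, not ConPresso code. Assumptions: PDO with the SQLite driver;
// demo_news is a constructed stand-in for the CPO_NEWS table.

function parse_nr($raw): ?int
{
    // Accept only 1-9 plain decimal digits with no leading zero. This also
    // rejects arrays (?nr[]=1), missing values, signs, whitespace and exponents.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function fetch_news(PDO $pdo, $rawNr): ?array
{
    $nr = parse_nr($rawNr);
    if ($nr === null) {
        return null;
    }
    // The value travels as a bound integer parameter, never as query text.
    $stmt = $pdo->prepare(
        'SELECT nr, idx, titel, autor, email, pub_datum, freigabe
           FROM demo_news WHERE nr = :nr'
    );
    $stmt->bindValue(':nr', $nr, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_news (nr INTEGER PRIMARY KEY, idx INTEGER, titel TEXT,
            autor TEXT, email TEXT, pub_datum TEXT, freigabe INTEGER)');
$pdo->exec("INSERT INTO demo_news VALUES (7, 1, 'Mai-Ausgabe', 'Redaktion',
            'news@example.invalid', '2015-05-01', 1)");

// Constructed request values: one well-formed id and several malformed ones.
foreach (['7', '7e0', ' 7', '7 OR 1=1', ['7']] as $input) {
    $row = fetch_news($pdo, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? $row['titel'] : 'rejected');
}
```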
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Discovered by : SeRaVo.BlackHat >> H.4.S.S.4.N <<
Special Thanks : Hamed Nikpour - Hesam Bazvand - H_SQLI.EMpiRe - Rezahck23
Mohammad habili - Alireza Akhtari - Und3rgr0und - EviL ShaDoW - ACCESS
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]