CVE-2008-7059
Published 2009-08-24
CVE-2008-7059: SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
Priority P341 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.4th percentile)
No detection rules found.
Exploit-DB
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
exploitdb·2008-08-23
---
______________________///////////////\\\\\\\\\\\\\\\____________________
}Name : OneNews Beta 2 Multiple Vulnerabilities {
{Author : suN8Hclf[crimsoN_Loyd9], (DaRk-CodeRs Group) }
}Source : http://sourceforge.net/project/showfiles.php?group_id=193198 {
{Dork : Powered by One-News }
}Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke {
_________________________________{}*{}__________________________________
|1. XSS and html injection|
Conditions: MAGIC_QUOTES=ON/OFF
Vulnerable code(add.php):
--------------------------------------CODE----------------------------------------------
$insert = "INSERT INTO entries (title, content) VALUES ('" . $_POST['title'] . "', '" . $_POST['content'] . "')";
mysql_query($insert) or die
Exploit-DB
One-News - Multiple Input Validation Vulnerabilities
exploitdb·2008-08-23
---
source: https://www.securityfocus.com/bid/30804/info
One-News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and multiple HTML-injection issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Beta 2 of One-News is prone to these issues.
http://www.example.com/onenews_beta2/index.php?q=3' and 1=2 union select 1,2,3/*
No writeups or analysis indexed.
References:
http://www.securityfocus.com/archive/1/495679/100/0/threaded
http://www.securityfocus.com/bid/30804
https://exchange.xforce.ibmcloud.com/vulnerabilities/44644