Exploitation Summary
EIP tracks 3 public exploits for CVE-2005-2896. PoCs published by onkel_fisch.
AI-analyzed exploit summary
The provided text describes a SQL injection vulnerability in WEB//NEWS, specifically in the 'modules/startup.php' file. It includes an example payload to bypass authentication by exploiting improper input sanitization.
Description
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
Exploits (3)
The provided text describes a SQL injection vulnerability in WEB//NEWS, specifically in the 'modules/startup.php' file. It includes an example payload to bypass authentication by exploiting improper input sanitization.
The provided text describes a SQL injection vulnerability in WEB//NEWS, where the 'id' parameter in 'print.php' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.
The provided text describes SQL injection vulnerabilities in WEB//NEWS, detailing vulnerable parameters in the 'news.php' script. It does not include actual exploit code but outlines the attack vectors.