CVE-2007-2520

MyNews 0.10 - SQL Injection via authacc Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2520. PoCs published by netVigilance.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in MyNews by manipulating the 'authacc' cookie to bypass authentication and access session data. The payload uses a UNION-based SQLi to retrieve data from the 'sessions' table.

Description

SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by netVigilance · textwebappsphp

https://www.exploit-db.com/exploits/30230

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in MyNews by manipulating the 'authacc' cookie to bypass authentication and access session data. The payload uses a UNION-based SQLi to retrieve data from the 'sessions' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MyNews 0.10

No auth needed

Prerequisites: Access to the target application's cookie manipulation

MITRE ATT&CK