Fantastic News "category" SQL injection
Vuln. discovered by: Ni
Date: 25 Jan. 2008
Vendor: www.fscripts.com
Product link: http://fscripts.com/free.php?id=1
Affected version: 2.1.1 and prior
Product description:
Fantastic News is a very simple but powerful news management system. It contains an easy install script and, since it uses templates, gives you the ability to modify everything that the script displays. It has multiple user levels for news posters, the ability to comment on news, rating of news items, a "read more" option, a WYSIWYG editor for news, uploading of files to news items, smilies and comment code for comments. It can generate XML feeds for a specified number of news items. It supports news archives and search, and has a built-in news tip system. Despite all these features it is also very fast and uses minimal resources.
Vuln. Description:
Input passed to the "category" parameter in "news.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
example:
/news.php?action=news&category=[SQL]
Solution:
Edit the source code to ensure that input is properly sanitised.
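The advisory does not reproduce the script's query, so the following is an added PHP illustration (not Fantastic News code) of the pattern it describes and one way to fix it with mysqli prepared statements; the connection details, the `news` table, its columns and a numeric `category` id are all assumed.

```php
<?php
// Added example, not Fantastic News source. Connection, table and
// column names are assumed; "category" is assumed to be an integer id.
$db = new mysqli('localhost', 'user', 'pass', 'news');

// Vulnerable pattern: the raw GET value is spliced into the SQL string,
// so whatever is placed in ?category= is parsed by the database as SQL.
function list_news_vulnerable(mysqli $db): array
{
    $category = $_GET['category'] ?? '';
    $sql = "SELECT id, title FROM news WHERE category = '" . $category . "'";
    $rows = [];
    if ($result = $db->query($sql)) {
        while ($row = $result->fetch_assoc()) {
            $rows[] = $row;
        }
    }
    return $rows;
}

// Hardened version: validate the parameter as an integer, then bind it as a
// query parameter so the value can never change the structure of the query.
function list_news_safe(mysqli $db): array
{
    $category = filter_input(INPUT_GET, 'category', FILTER_VALIDATE_INT);
    if ($category === false || $category === null) {
        http_response_code(400);   // reject anything that is not a plain integer
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM news WHERE category = ?');
    $stmt->bind_param('i', $category);
    $stmt->execute();
    $result = $stmt->get_result();
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    $stmt->close();
    return $rows;
}

foreach (list_news_safe($db) as $row) {
    echo htmlspecialchars($row['title']), "\n";
}
```

If the real script uses a string category name rather than an id, keep the prepared statement and bind with `'s'`, dropping the integer check.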