News2Net, a newspaper, magazine and newsletter publication manager, is susceptible to SQL injection attacks.
------------------------------------------------------
Nightmare TeAmZ Advisory 012
------------------------------------------------------
Date - 10/2005
News2Net SQL Injection
AFFECTED PRODUCTS
=================
News2Net
https://www.bemoore.com
OVERVIEW
========
The News2Net system is a powerful Newspaper, Magazine and Newsletter
publication manager with the following features:
- Upload a whole newspaper in seconds.
- Add and Edit content as if you were using a word processor.
- Generate revenue using the advertisement manager and the subscription
  modules.
- Newspaper layout and look and feel are fully customisable using HTML
  templates.
- Attach images to articles with ease.
- Compose complete edition and then when you are happy, publish it.
POC
===
https://[Host]/[path]/index.php?category=[SQL]
IMPACT
========
An unauthenticated attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of the database and
expose sensitive information.
Solution:
=========
1. Vendor Not Contacted
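
With no vendor fix available, the usual remediation for an injectable parameter such as category is to validate its type and bind it in a prepared statement. The following is an added example, not News2Net code: the articles schema, the function names and the sample request values are assumptions, and an in-memory SQLite database stands in for the real backend so the comparison runs offline.

```php
<?php
declare(strict_types=1);
// Added illustration. Table, columns and function names are hypothetical,
// not taken from News2Net.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, category INTEGER, title TEXT, published INTEGER)');
$db->exec("INSERT INTO articles (category, title, published) VALUES
    (1, 'Front page story', 1),
    (2, 'Sports roundup', 1),
    (2, 'Unpublished draft', 0)");

// Pattern that produces this class of bug: the request value becomes SQL text.
function articlesUnsafe(PDO $db, string $category): array
{
    $sql = "SELECT title FROM articles WHERE published = 1 AND category = $category";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate the type first, then bind the value as a parameter.
function articlesSafe(PDO $db, string $category): array
{
    $id = filter_var($category, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE published = 1 AND category = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed values standing in for $_GET['category'] in a regression check.
$samples = ['2', '2 OR 1=1', "2'"];
foreach ($samples as $value) {
    try {
        $unsafe = json_encode(articlesUnsafe($db, $value));
    } catch (PDOException $e) {
        $unsafe = 'SQL error (input reached the parser)';
    }
    printf("%-10s unsafe=%s safe=%s\n", $value, $unsafe, json_encode(articlesSafe($db, $value)));
}
```

For the non-numeric values, the concatenated query either changes which rows the WHERE clause matches or fails in the SQL parser, while the bound version returns an empty result without the input ever being parsed as SQL.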
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: https://www.NightmareTeAmZ.altervista.org <--IT Security Forum