https://www.exploit-db.com/exploits/26236
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-123

StylemotionWEB//NEWS是一款基于WEB的PHP编写的新闻管理程序。StylemotionWEB//NEWS对用户提交给的参数缺少正确充分的过滤，远程攻击者可以利用此漏洞非授权操作数据库。StylemotionWEB//NEWS的多个脚本对用户提交cat或id参数数据缺少充分过滤，远程攻击者可以通过在输入数据中插入特定的SQL命令来非授权获取对数据库的访问。

source: http://www.securityfocus.com/bid/14776/info
  
WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
  
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/print.php?id=[SQL]

来源:XF
名称:web-news-sql-injection(22179)
链接:http://xforce.iss.net/xforce/xfdb/22179
来源:BID
名称:14776
链接:http://www.securityfocus.com/bid/14776
来源:SECUNIA
名称:16727
链接:http://secunia.com/advisories/16727/
来源:BUGTRAQ
名称:20050907[NewAngelsAdvisory#5]StylemotionWEB//NEWS1.4Vulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112611504519410&w;=2