https://www.exploit-db.com/exploits/24842
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1089

IWebNegar存在SQL注入漏洞。远程攻击者可以借助（1）index.php的string参数，（2）comments.php，或者（3）管理员登陆页面执行任意SQL命令。

source: http://www.securityfocus.com/bid/11946/info

iWebNegar is reported prone to multiple SQL injection vulnerabilities, these issues exist due to a lack of sufficient boundary checks performed on user-supplied URI parameter data.

These issues could theoretically be exploited to compromise the software by performing unauthorized actions on the database, such as modifying or viewing data. SQL injection attacks may also be used to exploit latent vulnerabilities in the underlying database. This may depend on the nature of the query being manipulated as well as the capabilities of the database implementation.

http://www.example.com/weblog/index.php?string=[sql injection code]

来源:XF
名称:iwebnegar-sql-injection(18505)
链接:http://xforce.iss.net/xforce/xfdb/18505
来源:BID
名称:11946
链接:http://www.securityfocus.com/bid/11946
来源:BUGTRAQ
名称:20041215iwebnegarisvulnerabletoallkindofsqlinjections
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110314454810163&w;=2