PostNuke dl-viewdownload.php show Variable SQL Injection

2005-08-22T04:50:30
ID OSVDB:18970
Type osvdb
Reporter OSVDB
Modified 2005-08-22T04:50:30

Description

Manual Testing Notes

http://[target]/[DIR]/index.php?name=Downloads&req=viewdownload&cid=1&show=[SQL%20INJECTION]

References:

Secunia Advisory ID:16534 Related OSVDB ID: 18971 Related OSVDB ID: 18972 Other Advisory URL: http://www.securityreason.com/adv/PN15.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0288.html Keyword: cXIb8O3 CVE-2005-2690 Bugtraq ID: 14636