• info
• discussion
• exploit
• solution
• references

PostNuke DL-viewdownload.PHP SQL Injection Vulnerability

No exploit is required.

The following proof of concept URI is available:

http://www.example.com/[DIR]/index.php?name=Downloads&req=viewdownload&cid=1&show=[SQL%20INJECTION]