• info
• discussion
• exploit
• solution
• references

PHPNuke Multiple SQL Injection Vulnerabilities

No exploit is required.

Examples have been provided:

http://www.example.com/modules.php?name=News&file=article&sid=[SQL]
http://www.example.com/modules.php?name=News&file=comments&Reply&pid=[SQL]
http://www.example.com/modules.php?name=News&file=comments&op=Reply&pid=[SQL]
http://www.example.com/modules.php?name=News&file=comments&op=Reply&sid=[SQL]

1dt.w0lf has provided the following exploit code:

• /data/vulnerabilities/exploits/phpnuke-sql-inj.c