PHPNuke Web_Links Module Remote SQL Injection Vulnerability

info
discussion
exploit
solution
references

PHPNuke Web_Links Module Remote SQL Injection Vulnerability

The following proof of concept was made available by Albert Puigsech Galicia <ripe@7a69ezine.org>:

http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%20<our_code>

where <our_code> represents attacker-supplied SQL code.