• info
• discussion
• exploit
• solution
• references

PostNuke Modules Factory Subjects Module SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concepts have been provided:

http://www.example.com/index.php?module=subjects&func=listpages&subid=[SQL]
http://www.example.com/index.php?module=subjects&func=viewpage&pageid=[SQL]
http://www.example.com/index.php?module=subjects&func=listcat&catid=[SQL]