CVE-2007-2492

PostNuke v4bJournal - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2492. PoCs published by Ali Abbasi.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PostNuke Journal module. It allows an attacker to extract user credentials (username and password) from the database by manipulating the 'id' parameter in the URL.

Description

SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ali Abbasi · textwebappsphp

https://www.exploit-db.com/exploits/3835

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in PostNuke Journal module. It allows an attacker to extract user credentials (username and password) from the database by manipulating the 'id' parameter in the URL.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PostNuke Journal module

No auth needed

Prerequisites: Target must have PostNuke Journal module installed · Attacker must know the table structure (nuke_users)

MITRE ATT&CK