Join Date: Nov 2002
Location: Solomons Island
Posts: 3,119
Reputation: 318
another php nuke/sql vulnerability
TITLE:
PHP-Nuke SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA10843

VERIFY ADVISORY:
http://www.secunia.com/advisories/10843/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
PHP-Nuke 5.x
PHP-Nuke 6.x
PHP-Nuke 7.x

DESCRIPTION:
pokleyzz has reported two vulnerabilities in PHP-Nuke, allowing malicious people to conduct SQL injection attacks.

1) The "Search" module fails to verify input passed to the "category" parameter properly before it is used in a SQL query. This can be exploited to manipulate SQL queries.

2) The "Web_Links" module fails to verify input passed to the "admin" parameter properly before it is used in a SQL query. This can be exploited to manipulate SQL queries.

A proof of concept exploit exploiting these vulnerabilities to enumerate the administrative password hash has been published.

The vulnerabilities have been reported in versions 5.x, 6.x and possibly 7.x.

SOLUTION:
Edit the source to ensure that input is properly verified.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
pokleyzz

ORIGINAL ADVISORY:
http://www.scan-associates.net/papers/phpnuke69.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
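
The advisory's first item and its "verify input" solution, shown as an added example that is not part of the original post and is not PHP-Nuke code: a `category` value accepted only as a plain integer and then bound through a prepared statement. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database stands in for the site's database layer.

```php
<?php
declare(strict_types=1);

// Added example, not PHP-Nuke source: table, columns and function names are hypothetical.

/** Accept only a string of decimal digits as a category id; reject everything else. */
function parse_category(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

/** Search stories with the category bound as an integer parameter, never concatenated. */
function search_stories(PDO $db, string $term, ?int $category): array
{
    $sql = 'SELECT title FROM stories WHERE title LIKE :term';
    if ($category !== null && $category > 0) {
        $sql .= ' AND catid = :cat';
    }
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    if ($category !== null && $category > 0) {
        $stmt->bindValue(':cat', $category, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (title TEXT, catid INTEGER)');
$db->exec("INSERT INTO stories VALUES ('Kernel update', 1), ('Kernel panic', 2)");

// Constructed request values: one well-formed, one carrying SQL syntax.
foreach (['1', '1 OR 1=1'] as $raw) {
    $cat = parse_category($raw);
    if ($cat === null) {
        echo 'category=' . var_export($raw, true) . " rejected\n";
        continue;
    }
    $titles = search_stories($db, 'Kernel', $cat);
    echo "category=$cat -> " . implode(', ', $titles) . "\n";
}
```

Validation and parameter binding are independent layers here: the bound integer keeps the query structure fixed even if a later edit loosens `parse_category()`.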