BugTraq
PHP-NUKE 7.0 FINAL (and older) sql injection Dec 27 2003 01:38PM
r00t rsteam ru

RusH security team | http://www.rsteam.ru

o----------------------------=[ Advisory #16 ]=----------------------------o
oxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
o--------------------------------------------------------------------------o
| Product:       PHP-Nuke                                                  |
| Version:       7.0 FINAL (and older)                                     |
| Vulnerability: sql-injection                                             |
| OffSite:       http://www.phpnuke.org                                    |
o--------------------------------------------------------------------------o
| Date:          22/12/2003                                                |
| Author:        1dt.w0lf // RsT                                           |
o--------------------------------------------------------------------------o

o-------------------------=[ Problem ]:::

Problems found in the Survey module.

o-------------------------=[ Example ]:::

www.victim.com/php-nuke/modules.php?name=Surveys&pollID=a'[sql_code_here]

o--------------------=[ for contacts ]:::

1dt.w0lf - idtwolf[at]pisem[dot]net
RusH team - r00t[at]rsteam[dot]ru
web - www.rsteam.ru

o------------------------------=[ RU ]:::

You can find the RU version of this advisory here:
http://rst.void.ru/texts/advisory16-ru.txt

o---------------------------------=[ EOF ]=--------------------------------o

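One way to look for the request pattern from the Example section in web server access logs (an added example, not part of the original advisory or of PHP-Nuke). It assumes common/combined log format and that a legitimate pollID is a short decimal integer; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_poll_id(url):
    """Return the offending pollID value, or None if the request looks normal.

    Assumption: a legitimate pollID is a short decimal integer.
    """
    parts = urlsplit(url)
    if not parts.path.lower().endswith("modules.php"):
        return None
    # parse_qs percent-decodes, so %27 and a literal ' are treated alike.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "surveys" not in (v.lower() for v in query.get("name", [])):
        return None
    for value in query.get("pollID", []):
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None

def scan(lines):
    """Yield (line_number, decoded pollID) for every flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_poll_id(match.group(1))
            if value is not None:
                yield number, value

# Constructed sample log lines (documentation addresses, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2003:13:40:01 +0000] "GET /php-nuke/modules.php?name=Surveys&pollID=3 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [27/Dec/2003:13:41:17 +0000] "GET /php-nuke/modules.php?name=Surveys&pollID=a\'[sql_code_here] HTTP/1.0" 200 311',
    '192.0.2.44 - - [27/Dec/2003:13:41:30 +0000] "GET /php-nuke/modules.php?name=surveys&pollID=7%27%20x HTTP/1.0" 200 311',
    '192.0.2.10 - - [27/Dec/2003:13:42:02 +0000] "GET /php-nuke/modules.php?name=News&pollID=zz HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric pollID {value!r}")
```

Only query-string parameters in the request line are inspected; values sent in a POST body do not appear in an access log and need a different data source.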
