BugTraq
Back to list
|
Post reply
PHP-Nuke SQL Injection
Oct 08 2003 03:37PM
mod (rottyfig12 hotmail com)
(1 replies)
Version: PHP-Nuke 6.6
Language: PHP
Web site: phpnuke.org
Status: Vendor has been notified
There's an SQL injection hole in modules.php.
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=59%2
0or%20cid=2
This is from not filtering 'cid', it should be checked that it is only numeric with is_numeric(). This hole could allow viewing of password hashes if the database is mysql 4.x.
This may effect other versions.
[ reply ]
Re: PHP-Nuke SQL Injection
Oct 08 2003 04:52PM
3APA3A (3APA3A SECURITY NNOV RU)
Privacy Statement
Copyright 2010, SecurityFocus
Version: PHP-Nuke 6.6
Language: PHP
Web site: phpnuke.org
Status: Vendor has been notified
There's an SQL injection hole in modules.php.
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=59%2
0or%20cid=2
This is from not filtering 'cid', it should be checked that it is only numeric with is_numeric(). This hole could allow viewing of password hashes if the database is mysql 4.x.
This may effect other versions.
[ reply ]