BugTraq
Back to list
|
Post reply
RE: modules name(Sections)SQL Injection Exploit
May 23 2006 07:03PM
Evans, Arian (Arian Evans fishnetsecurity com)
That looks a lot like a *nuke (PHPNuke & forks like PostNuke).
The "thold" param has a history of issues, XSS and the like, and
I seem to recall it is handled by the "Sections" module in Nuke.
If it's the code I think it is, there are more issues with other
params which are even listed in the example below.
(Hint: the op param)
Cheers,
Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]
> -----Original Message-----
> From: security curmudgeon [mailto:jericho (at) attrition (dot) org [email concealed]]
> Sent: Sunday, May 21, 2006 8:43 PM
> To: Mster-X (at) hotmail (dot) com [email concealed]
> Cc: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Re: modules name(Sections)SQL Injection Exploit
>
>
> : ********************
> : By: Mr-X
> : Email: Mster-X (at) hotmail (dot) com [email concealed]
> : Subject: modules name(Sections)SQL Injection
> : ********************
> :
> : example:-
> :
> /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]
>
> What product is this in? Searching for "modules name
> sections" is not that
> helpful.
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
The "thold" param has a history of issues, XSS and the like, and
I seem to recall it is handled by the "Sections" module in Nuke.
If it's the code I think it is, there are more issues with other
params which are even listed in the example below.
(Hint: the op param)
Cheers,
Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]
> -----Original Message-----
> From: security curmudgeon [mailto:jericho (at) attrition (dot) org [email concealed]]
> Sent: Sunday, May 21, 2006 8:43 PM
> To: Mster-X (at) hotmail (dot) com [email concealed]
> Cc: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Re: modules name(Sections)SQL Injection Exploit
>
>
> : ********************
> : By: Mr-X
> : Email: Mster-X (at) hotmail (dot) com [email concealed]
> : Subject: modules name(Sections)SQL Injection
> : ********************
> :
> : example:-
> :
> /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]
>
> What product is this in? Searching for "modules name
> sections" is not that
> helpful.
>
[ reply ]