[32016] in bugtraq


PHP-Nuke SQL Injection

daemon@ATHENA.MIT.EDU (mod)
Wed Oct 8 13:32:39 2003

Date: 8 Oct 2003 15:37:38 -0000
Message-ID: <20031008153738.18574.qmail@sf-www3-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: mod <rottyfig12@hotmail.com>
To: bugtraq@securityfocus.com



Version: PHP-Nuke 6.6
Language: PHP
Web site: phpnuke.org
Status: Vendor has been notified

There's an SQL injection hole in modules.php.

http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2

This is from not filtering 'cid'; it should be checked that it is only numeric with is_numeric(). This hole could allow viewing of password hashes if the database is MySQL 4.x.

This may affect other versions.
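
The numeric check recommended above, as an added example that is not part of the original post and is not PHP-Nuke's own code: it validates `cid` as a plain positive integer and binds it as a query parameter. The `downloads` table, its columns, the function names and the sample rows are hypothetical; an in-memory SQLite database via PDO stands in for the site's database.

```php
<?php
// Added example: table, column and function names are hypothetical.

// Accept only a plain positive decimal integer of bounded length.
// is_numeric() alone also accepts "1e3", "1.5" and " 59", so a stricter
// pattern is used before the value is converted to int.
function parse_cid($raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects arrays such as cid[]=...
    }
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function downloads_in_category(PDO $db, int $cid): array
{
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT title FROM downloads WHERE cid = :cid ORDER BY title');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (cid INTEGER, title TEXT)');
$db->exec("INSERT INTO downloads VALUES (59, 'theme-pack'), (2, 'admin-tools')");

// Constructed inputs; the second is the cid value from the URL in the report.
$samples = ['59', '59 or cid=2', '1e3', '1.5', ' 59', '-1', ''];
foreach ($samples as $raw) {
    $cid = parse_cid($raw);
    if ($cid === null) {
        printf("%-14s rejected (is_numeric: %s)\n", var_export($raw, true),
            var_export(is_numeric($raw), true));
        continue;
    }
    printf("%-14s accepted -> %s\n", var_export($raw, true),
        implode(', ', downloads_in_category($db, $cid)));
}
```

The output lists, for each rejected input, whether is_numeric() on its own would have let it through.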
