[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHP-Nuke SQL Injection

To: bugtraq@securityfocus.com
Subject: PHP-Nuke SQL Injection
From: mod <rottyfig12@hotmail.com>
Date: 8 Oct 2003 15:37:38 -0000


Version: PHP-Nuke 6.6
Language: PHP
Web site: phpnuke.org
Status: Vendor has been notified

There's an SQL injection hole in modules.php.

http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2

This is from not filtering 'cid', it should be checked that it is only numeric 
with is_numeric(). This hole could allow viewing of password hashes if the 
database is mysql 4.x.

This may effect other versions.

Follow-Ups:
- Re: PHP-Nuke SQL Injection
  - From: 3APA3A <3APA3A@SECURITY.NNOV.RU>

Prev by Date: Openoffice 1.1.0 DoS
Next by Date: HPUX dtprintinfo buffer overflow vulnerability
Previous by thread: Openoffice 1.1.0 DoS
Next by thread: Re: PHP-Nuke SQL Injection
Index(es):
- Date
- Thread