phpNuke
Archived Posts from this Category
[phpNuke] NukeSentinel “admin” Cookie SQL Injectio
TITLE:
NukeSentinel “admin” Cookie SQL Injection
SECUNIA ADVISORY ID:
SA26954
VERIFY ADVISORY:
http://secunia.com/advisories/26954/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
NukeScripts NukeSentinel 2.x
http://secunia.com/product/5071/
DESCRIPTION:
Janek Vind has reported a vulnerability in NukeSentinel, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed to the “admin” cookie in includes/nsbypass.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in version 2.5.11. Prior versions may also
be affected.
SOLUTION:
Update to version 2.5.12.
PROVIDED AND/OR DISCOVERED BY:
Janek Vind a.k.a. waraxe
ORIGINAL ADVISORY:
NukeSentinel: http://www.nukescripts.net/index.php?op=NEArticle&sid=4076
Janek Vind:
http://www.waraxe.us/advisory-53.html
Virus Scanned at Code-authors.com
—
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 000777-1, 26/09/2007
Tested on: 27/09/2007 18:31:45
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com
0 comments Thursday 27 Sep 2007 | Guardian | phpNuke
[phpNuke] Nuked-Klan “X-Forwarded-For” SQL Injection Vulnerabilit
TITLE:
Nuked-Klan “X-Forwarded-For” SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA25165
VERIFY ADVISORY:
http://secunia.com/advisories/25165/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
Nuked-Klan 1.x
http://secunia.com/product/1015/
DESCRIPTION:
DarkFig has discovered a vulnerability in Nuked-Klan, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed in the “X-Forwarded-For” HTTP header in index.php and
potentially other files is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
Successful exploitation allows administrator access. Note that this
further can be exploited to execute arbitrary PHP code.
The vulnerability is confirmed in version 1.7.6. Other versions may also
be vulnerable.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
DarkFig
0 comments Monday 07 May 2007 | Guardian | phpNuke