Bugtraq mailing list archives
SQL-Injection in Subjects 2.0 for Postnuke
From: Criolabs <security () criolabs net>
Date: Thu, 09 Sep 2004 21:20:50 -0400
**************************************************************************************************** CRIOLABS - Software: Subjects 2.0 - Type: Postnuke module - Vendor: Postnuke Modules Factory. **************************************************************************************************** ## Software ## Software: Subjects Postnuke module Version: 2.0 Plataforms: Unix/Win/PHP/MySQL/Postnuke Web: http://home.postnuke.ru ## Vendor Description ## Module is designed for structured store & display text content with a possibility to store content in file on the disc. Probably, the best one for converting existing based on HTML pages site to PostNuke. ## Vulnerabilities ## Sql-Injection in pageid, subid, catid variables. ## Sql-Injection ## The previous variables are vulnerables to SQL-Injection attacks. These SQL injection vulnerabilities allow a remote user to inject arbitrary SQL commands. /index.php?module=subjects&func=listpages&subid=[SQL] /index.php?module=subjects&func=viewpage&pageid=[SQL] /index.php?module=subjects&func=listcat&catid=[SQL] ## History ## Vendor contacted but no response. ## Solution ## There is no solution at this time, we recommend to remove immediately this module ## Credits ## Criolabs staff Original advisory and proof of concept at http://www.criolabs.net/advisories/subjects2.txt
Current thread:
- SQL-Injection in Subjects 2.0 for Postnuke Criolabs (Sep 10)