Bugtraq mailing list archives
Re: PHP Nuke <= 7.8 Multiple SQL Injections
From: Matthias Jim Knopf <jim () users de>
Date: Fri, 16 Sep 2005 00:44:38 +0200 (MEST)
What do you gain from that? In what way would you think your advice did ANYTHING GOOD?
You did neither issue an "addslashes()" as appropriate for SQL commands, nor did you explain why a variable set by a POST or a COOKIE could be worse than anything you could give any URL by appending '?name=...' or '&name=...' (-> GET vars).
Greetings,
Matthias "jim" Knopf
--
GPG/PGP encrypted mails welcome!
Windose Milenium Bug
PHP Nuke 7.8 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. In the modules.php:
    $result = $db->sql_query("SELECT active, view FROM ".$prefix."_modules WHERE title='$name'");
The $name variable is not checked so you could inject malicious SQL Code. In a file which is included we have the following code:
[...]
The $name variable and others like $sid are expected via $_GET and not $_POST. The proper start to sanitizing the data here is to ensure that $name is obtained via $_GET and not injected by $_POST, $_COOKIE, or anything else.
[...]
To be specific, find the modules.php file and check for the first instance of "$name". An example: "if (isset($name)) {" Prior to that, simply put in such a line: $name = $_GET['name'];
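The point under dispute in this thread, as an added example that is not part of the original posts or of PHP-Nuke's code: the quoted query is run once with $name read from $_GET only and interpolated as in modules.php, and once with the value bound as a parameter. It assumes an in-memory SQLite table named nuke_modules with constructed rows, the function names are hypothetical, and it uses PDO bound parameters in place of the addslashes() call named in the reply.

```php
<?php
// Added example: constructed table and inputs, not PHP-Nuke's own code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE nuke_modules (title TEXT, active INTEGER, view INTEGER)");
$db->exec("INSERT INTO nuke_modules VALUES ('News', 1, 0), ('Admin_Tools', 0, 2)");

// Pattern from the advisory: $name is interpolated straight into the SQL string,
// so a quote character in the value ends the string literal early.
function lookup_interpolated(PDO $db, string $name): array {
    $sql = "SELECT active, view FROM nuke_modules WHERE title='$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: the value is bound as a parameter and is never parsed as SQL,
// whichever superglobal it came from.
function lookup_bound(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT active, view FROM nuke_modules WHERE title = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed request value containing a quote, arriving via GET.
$_GET['name'] = "nosuchmodule' OR '1'='1";
$name = $_GET['name'];   // the "GET only" line proposed in the thread

// No module has this title, so a correct lookup matches no rows.
printf("interpolated: %d row(s)\n", count(lookup_interpolated($db, $name)));
printf("bound:        %d row(s)\n", count(lookup_bound($db, $name)));
```

Restricting $name to $_GET leaves the interpolated lookup matching every row of the constructed table, while the bound lookup treats the whole value as a title and matches none.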