Bugtraq mailing list archives
RE: modules name(Sections)SQL Injection Exploit
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 23 May 2006 14:03:57 -0500
That looks a lot like a *nuke (PHPNuke & forks like PostNuke). The "thold" param has a history of issues, XSS and the like, and I seem to recall it is handled by the "Sections" module in Nuke. If it's the code I think it is, there are more issues with other params which are even listed in the example below. (Hint: the op param) Cheers, Arian J. Evans FishNet Security 913.710.7085 [mobile] 816.701.2045 [office]
-----Original Message----- From: security curmudgeon [mailto:jericho () attrition org] Sent: Sunday, May 21, 2006 8:43 PM To: Mster-X () hotmail com Cc: bugtraq () securityfocus com Subject: Re: modules name(Sections)SQL Injection Exploit : ******************** : By: Mr-X : Email: Mster-X () hotmail com : Subject: modules name(Sections)SQL Injection : ******************** : : example:- : /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL] What product is this in? Searching for "modules name sections" is not that helpful.
Current thread:
- modules name(Sections)SQL Injection Exploit Mster-X (May 05)
- Re: modules name(Sections)SQL Injection Exploit security curmudgeon (May 22)
- <Possible follow-ups>
- RE: modules name(Sections)SQL Injection Exploit Evans, Arian (May 25)