Full Disclosure mailing list archives
PHP-Nuke x.x AND PostNuke x.x SQL Injection
From: pedro.inacio () netropolis pt (Pedro Inacio)
Date: Thu, 26 Sep 2002 19:34:07 +0100
Hello again, just to say that PostNuke ( fork of PHP-Nuke ) is vulnerable to the same bugs AND it is possible to inject different SQL code in order to do other "funny" but "dangerous" things. Note to the guys of those projects: Filter those URL entries!!! Cheers, Pedro Inacio ----- Original Message ----- From: "Pedro Inacio" <pedro.inacio () netropolis pt> To: <full-disclosure () lists netsys com> Sent: Wednesday, September 25, 2002 1:02 AM Subject: [Full-disclosure] PHP-Nuke x.x SQL Injection
Hello, All PHP-Nuke versions, including the just released 6.0, are vulnerable to
a
very simple SQL injection that may lead to a basic DoS attack. For instance, if you create a short script, to send a few requests, (I
have
tested with just 6) similar to this:
http://www.nukesite.com/modules.php?name=News&file=article&sid=1234%20or%201
=1 after a real short time the load of the machine is so high that it will become inacessible. When the script is stopped, the server will take a few minutes to recover from the load and become acessible again. Well, the number of requests depends on your MySQL parameters and
hardware,
but in general all the tested php-nuke sites where vulnerable and become inacessible. If you are running PHP-Nuke, I suggest the creation of some filters to
avoid
this kind of attack. Other things can be made, but I will not talk about them now. I will wait until Francisco fix them. Francisco was noticed a month ago, but the problems persist. Cheers, Pedro Inacio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- PHP-Nuke x.x SQL Injection Pedro Inacio (Sep 24)
- PHP-Nuke x.x AND PostNuke x.x SQL Injection Pedro Inacio (Sep 26)