Bugtraq mailing list archives

RE: modules name(Sections)SQL Injection Exploit

From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 23 May 2006 14:03:57 -0500

That looks a lot like a *nuke (PHPNuke & forks like PostNuke).

The "thold" param has a history of issues, XSS and the like, and
I seem to recall it is handled by the "Sections" module in Nuke.

If it's the code I think it is, there are more issues with other
params which are even listed in the example below.

(Hint: the op param)

Cheers,

Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]

-----Original Message-----
From: security curmudgeon [mailto:jericho () attrition org] 
Sent: Sunday, May 21, 2006 8:43 PM
To: Mster-X () hotmail com
Cc: bugtraq () securityfocus com
Subject: Re: modules name(Sections)SQL Injection Exploit


: ********************
: By: Mr-X
: Email: Mster-X () hotmail com
: Subject: modules name(Sections)SQL Injection 
: ********************
: 
: example:-
: 
/modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]

What product is this in? Searching for "modules name 
sections" is not that 
helpful.

Current thread:

modules name(Sections)SQL Injection Exploit Mster-X (May 05)
- Re: modules name(Sections)SQL Injection Exploit security curmudgeon (May 22)
- <Possible follow-ups>
- RE: modules name(Sections)SQL Injection Exploit Evans, Arian (May 25)