PHP-Nuke Ratedownload suffers from a remote SQL injection vulnerability.
11f80d08f579f7bb45439f9c8bfa5659
Hello
ITSecTeam has found new vulnerability in PHP-Nuke All Version.
below is a copy of advisory and also attached with email.
Have a good day
===========================================================================
( #Topic : PHP-Nuke All Version
( #Bug type : SQL Injection
( #Download : http://phpnuke.org/modules.php?name=Downloads
( #Advisory : http://itsecteam.com/fa/vulnerabilities/vulnerability21.htm
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Thanks : Amin Shokohi(Pejvak!) , M3hr@n.S , 0xd41684c654 And All Team
Exploit ===================================================================
( *
http:/Site.ir/PHP-Nuke/modules.php?view=0&name=downloads&file=index&d_op=ratedownload&lid=
SQL Injection Code
---------------------------------------------------------------------------
<BUG>
function ratedownload($lid, $user) {
global $prefix, $cookie, $datetime, $module_name, $user_prefix;
include("header.php");
menu(1);
$row = $db->sql_fetchrow($db->sql_query("SELECT title FROM
".$prefix."_downloads_downloads WHERE lid='**BUG**$lid'**BUG**"));
........}
</Bug>
----------------------------------------------------------------------------
This Bug Works when Register_Globals=On
============================================================================
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!