Ravens PHP Scripts: Forums
 

 

sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

PostPosted: Mon Jul 19, 2004 8:51 am Reply with quote

Quote:
TITLE:
PHP-Nuke Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12083


CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
PHP-Nuke 7.x

DESCRIPTION:
Janek Vind has reported some vulnerabilities in PHP-Nuke, allowing malicious people to conduct Cross Site Scripting and SQL injection attacks.

1) Input passed in the search string in the "Search" module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

2) The "Search" module fails to verify input passed to the "instory" parameter properly before it is used in a SQL query. This can be exploited to manipulate SQL queries.

3) Path information can be disclosed in error pages by passing invalid input such as "**" or "+" to the "Search" module.

4) Input passed to various parameters in the "Search" module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

Examples:
modules.php?name=Search&sid=[malicious code]
modules.php?name=Search&query=*&max=[malicious code] (Requires more than 9 search results)
modules.php?name=Search&query=waraxe&sel1=[malicious code]&type=comments
modules.php?name=Search&a=6&query=*&match=[malicious code]
modules.php?name=Search&query=*&mod3=[malicious code] (The specific module must be disabled)

5) The "Search" module fails to verify input passed to the "min" and "categ" parameters properly before it is used in a SQL query. This can be exploited to manipulate SQL queries.

This has been reported to affect version 7.3. Other versions may also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Janek Vind "waraxe"

Does this affect your release, Raven? Thank you.

_________________
Give Me Ambiguity Or Give Me Something Else! 
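
A log-triage check for the "Search" module parameters named in the advisory quoted above, added here as an example; it is not part of the original post, the advisory, or PHP-Nuke's code. It assumes `sid`, `min`, `max` and `categ` are integers in normal use, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: these Search parameters carry plain integers in normal use.
NUMERIC = {"sid", "min", "max", "categ"}
# Other Search parameters the advisory lists as unsanitised.
TEXT = {"query", "instory", "sel1", "match", "mod3"}
MARKUP = re.compile(r"[<>\"']")          # HTML markup or quote characters
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return sorted (parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("modules.php"):
        return []
    params = parse_qs(parts.query)       # percent-decodes the values
    if params.get("name") != ["Search"]:
        return []
    findings = set()
    for key, values in params.items():
        for value in values:
            if key in NUMERIC and not re.fullmatch(r"[0-9]+", value):
                findings.add((key, "non-numeric"))
            elif key in TEXT and MARKUP.search(value):
                findings.add((key, "markup-or-quote"))
    return sorted(findings)

def scan(lines):
    """Return [(line_number, findings)] for log lines that need review."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2004:08:40:01 -0600] "GET /modules.php?name=Search&query=nuke&min=10 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [19/Jul/2004:08:41:12 -0600] "GET /modules.php?name=Search&sid=%3Cb%3E HTTP/1.1" 200 4210',
    '192.0.2.11 - - [19/Jul/2004:08:41:30 -0600] "GET /modules.php?name=Search&query=*&min=0%27 HTTP/1.1" 200 312',
    '192.0.2.12 - - [19/Jul/2004:08:42:05 -0600] "GET /modules.php?name=Search&query=waraxe&sel1=%22%3E&type=comments HTTP/1.1" 200 3990',
    '192.0.2.13 - - [19/Jul/2004:08:43:00 -0600] "GET /modules.php?name=News&sid=abc HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```
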
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Mon Jul 19, 2004 8:57 am Reply with quote

Only registered users can see links on this board! Get registered or login!
 
sharlein
PostPosted: Mon Jul 19, 2004 9:17 am Reply with quote

Thank you very much!! I made the change.
 