PHP-Nuke Search Module instory Variable SQL Injection

2004-07-16T00:00:00
ID OSVDB:7950
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-07-16T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the instory variable in the Search module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP-Nuke contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the instory variable in the Search module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/nuke73/modules.php?name=Search&type=comments& query=not123exists&instory=//UNION//SELECT//0,0,pwd,0,aid//FROM/**/nuke_authors

References:

Vendor URL: http://phpnuke.org Related OSVDB ID: 7949 Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=35 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0176.html Keyword: waraxe-2004-SA#035 CVE-2004-0732