header-logo
Suggest Exploit
vendor:
NukeJokes module
by:
7.5
CVSS
HIGH
Input Validation
CWE
Product Name: NukeJokes module
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple Input Validation Vulnerabilities in NukeJokes Module

The NukeJokes module is affected by multiple input validation vulnerabilities. These include multiple SQL injection issues and multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly sanitize user-supplied input, allowing remote attackers to manipulate query logic and potentially gain unauthorized access to sensitive information or execute malicious scripts in the context of the victim user's browser.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the NukeJokes module. This includes validating and filtering user-supplied input before using it in SQL queries or including it in dynamic web content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10306/info

It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input.

Multiple SQL injection issues exists due to a failure of the application to do any sanitization on user input prior to using the offending input in an SQL query.

These SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data.

Multiple cross-site scripting vulnerabilities have been reported to exist due to a failure of the application to properly sanitize user-supplier input before its inclusion in dynamic web content. 

These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.

http://www.example.com/nuke72/modules.php?name=NukeJokes&func=CatView&cat=[xss code here]
http://www.example.com/nuke72/modules.php?name=NukeJokes&func=JokeView&jokeid=[xss code here]

Navigation

Suggest Exploit

Services By CQR