Vendor: Php Nuke
By: ITSecTeam
CVSS: 8.8 HIGH
Blind SQL Injection
CWE: 89
Product Name: Php Nuke
Affected Version From: 8.x.x
Affected Version To: 8.x.x
Patch Exists: NO
Related CWE: N/A
CPE: a:php-nuke:php_nuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Php Nuke Blind SQL Injection 8.x.x
Php Nuke 8.x.x is affected by a blind SQL injection vulnerability. The flaw is in the 'Add' function of the 'modules/Web_Links/index.php' file. An attacker can exploit it by sending a specially crafted HTTP request that carries SQL code in the 'url' parameter. The application then executes the injected SQL, which allows the attacker to gain access to sensitive information stored in the database.
Mitigation:
To mitigate this vulnerability, the application should validate user input and sanitize it before passing it to the database. Additionally, the application should use parameterized queries instead of dynamic SQL queries.
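The two mitigations above, sketched as an added example; this is not PHP-Nuke source and not code from the original entry. The table, column and function names are hypothetical, and an in-memory SQLite database accessed through PDO stands in for the real backend.

```php
<?php
declare(strict_types=1);
// Added example; not PHP-Nuke source. Table, column and function names are hypothetical.

/** Accept only absolute http(s) URLs of bounded length; return null otherwise. */
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || strlen($url) > 255) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Store a submitted link using bound parameters, never string concatenation. */
function add_link(PDO $db, string $title, string $url): bool
{
    $clean = validate_link_url($url);
    if ($clean === null) {
        return false; // reject rather than try to "repair" the input
    }
    // Validation narrows what is accepted; binding is what keeps the value
    // as data, because it is never spliced into the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO submitted_links (title, url) VALUES (:title, :url)'
    );
    return $stmt->execute([':title' => $title, ':url' => $clean]);
}

// Demo against an in-memory SQLite database (constructed sample input).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submitted_links (id INTEGER PRIMARY KEY, title TEXT, url TEXT)');

$samples = [
    'http://example.com/page?id=1',
    "http://example.com/?q=a'b",   // quote character inside the value
    'ftp://example.com/file',      // scheme outside the allow-list
    'not a url',
];
foreach ($samples as $u) {
    printf("%-32s %s\n", $u, add_link($db, 'Sample', $u) ? 'stored' : 'rejected');
}
```

Any value that passes validation, including one containing quote characters, is stored verbatim as a string because it only ever reaches the database as a bound parameter.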