PHP-NUKE 7.0 FINAL (and olders) sql injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP-NUKE 7.0 FINAL (and olders) sql injection
From: r00t@xxxxxxxxx
Date: Sat, 27 Dec 2003 16:38:11 +0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: RusH security team
Reply-to: r00t@xxxxxxxxx

     ############         ######################   ####################     
  ###################    ######################## ######################### 
 ###################### #####                #### ####    ##################
####               #### ####                ##### ######        ##     #####
###    ######       ########    ################# ################    ######
###    #######  ### ########    ################    ##############   ###### 
###   ##       ###############              ####       ########   #######   
###   #####    ########  ##################  ####    ########   #######     
###   #######    ######  ##################  ####    ######   #######       
###  ##########    ####  ####   ###########  ####   #####  ########         
### #####  ######  ####  #######          #######   #############           
########     ##########   ######################    ##########              
#######        ########     #################         ######                
                 #####  RusH security team  | http://www.rsteam.ru       


o----------------------------=[ Advisory #16 ]=----------------------------o
oxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
o--------------------------------------------------------------------------o
| Product: PHP-Nuke                                                        |
| Version: 7.0 FINAL (and olders)                                          |
| Vulnerability: sql-injection                                             |
| OffSite: http://www.phpnuke.org                                          |
o--------------------------------------------------------------------------o
| Date: 22/12/2003                                                         |
| Author: 1dt.w0lf // RsT                                                  |
o--------------------------------------------------------------------------o


o-------------------------=[ Problem ]:::
 
 Problems found in Survey module.

o-------------------------=[ Example ]:::

 www.victim.com/php-nuke/modules.php?name=Surveys&pollID=a'[sql_code_here]

o--------------------=[ for contacts ]:::

 1dt.w0lf - idtwolf[at]pisem[dot]net
 RusH team - r00t[at]rsteam[dot]ru
 web - www.rsteam.ru

o------------------------------=[ RU ]:::
 
U can find ru version of this advisory here:
http://rst.void.ru/texts/advisory16-ru.txt

o---------------------------------=[ EOF ]=--------------------------------o




-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.0.2

mQGiBD8+oMARBADX7sY86saLDTZXFOqXxDfvCfFrE2PIwp+1zrY5x/W3Tp7IxatZ
3+K2++XyBY+fIUGXXssoEIBFZqACBN7GCEZ+bdLn4P+nQujst7jxMDeM9vmoVZ9r
ZuDrNSxN1iUnbbpzrHdEKKPbM1dejpkVfpP7QVDvJLw1BdpDv8hrrYOZ7QCg/2dt
j+8desyl8SbNpgwtF2Spw3MD/RqX26aGb17a23qm7emDlAYZP0hvTKDuo7cdevVc
vfocvBKAFK1zQM4sbw4CtLLG75jrNPJOb9Blxx3TDbOJ4Y9IYwScG3yE5yWzE9K6
Ayd47hCJZXVHWmvcawB+mIBR6qEnGEAwwm8hAZzwfZP6KuOP+m77JE9pD6jdHh8R
lP9fBAC8XfHdT4Qk19IHoctMOOSYlq/qDJDiHRy33sGbfKFK9oGzdbWBTtaijGa/
Ni6nSOha75e8p0ObuUcwmM2AJ25dnvdNsveqRENDPN2ksGB0WVCfaM08Gx3hqKVE
zEaChYgKLeQntMFGdz1ijAkUATvYkScPrLdqSwNpB7wj3O7KtLQcMWR0LncwbGYg
PGlkdHdvbGZAcGlzZW0ubmV0PokAVwQQEQIAFwUCPz6gwAcLCQgHAwIKAhkBBRsD
AAAAAAoJEOc7beKo+uDKKWoAoPoCU3/H90Vmi1fxrUyqXV2+xjREAKCu/p+8hnlm
KR3VZZS6E5otSZTORLkCDQQ/PqDAEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx
brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP
PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU
GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb
GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp
esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAjS5g
+HibMlO5wn8ywIpObRLqOqbbaEvzHY8Ja5OcirXTmkPUfnlRFHguJ2MsG2PuZJK3
o8pe+w2ML5O3ZZAGkAqYay42jKuDcxsisTXKqIoFCsXE9QcSn7H381w68pGPz4cz
ZhEMzA3gRsnrdPfbmIqHoWfLgwzg14WYQiP5AvyDck2t8FImLHWBJQtrs1a2eV4N
OlvSNchOqTYNxsQOCgVEg6vHM8krgM9vb21uXUPqhSo/xxEo5nNgdFpUbgNYbU3z
rGAyUPK1ikt2E1KfCWDtKUBCMBYHi+341aq++2tZHZ3MRmml010+/zkLXdF2R8di
Q2oOf9VAZc+2CTg4ookATAQYEQIADAUCPz6gwAUbDAAAAAAKCRDnO23iqPrgyrh+
AKCPKzCodjzGep2lbt3VSkjS62e7OACgnln/OMbUHa3X99fsJNvrR+e9Uss=
=2wgM
-----END PGP PUBLIC KEY BLOCK-----

Prev by Date: Re: Reported Command Injection in Squirrelmail GPG
Next by Date: Landesk Management Suite IRCRBOOT.DLL buffer overflow
Previous by thread: Re: Reported Command Injection in Squirrelmail GPG
Next by thread: Landesk Management Suite IRCRBOOT.DLL buffer overflow
Index(es):
- Date
- Thread