RE: modules name(Sections)SQL Injection Exploit

To: "security curmudgeon" <jericho@xxxxxxxxxxxxx>, <Mster-X@xxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: modules name(Sections)SQL Injection Exploit
From: "Evans, Arian" <Arian.Evans@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 May 2006 14:03:57 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcZ9xNF8wbLxsXv6TVKLOiplrcnBCgA1P0BA
Thread-topic: modules name(Sections)SQL Injection Exploit

That looks a lot like a *nuke (PHPNuke & forks like PostNuke).

The "thold" param has a history of issues, XSS and the like, and
I seem to recall it is handled by the "Sections" module in Nuke.

If it's the code I think it is, there are more issues with other
params which are even listed in the example below.

(Hint: the op param)

Cheers,

Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]


 


 

> -----Original Message-----
> From: security curmudgeon [mailto:jericho@xxxxxxxxxxxxx] 
> Sent: Sunday, May 21, 2006 8:43 PM
> To: Mster-X@xxxxxxxxxxx
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: modules name(Sections)SQL Injection Exploit
> 
> 
> : ********************
> : By: Mr-X
> : Email: Mster-X@xxxxxxxxxxx
> : Subject: modules name(Sections)SQL Injection 
> : ********************
> : 
> : example:-
> : 
> /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=[SQL]
> 
> What product is this in? Searching for "modules name 
> sections" is not that 
> helpful.
>

Prev by Date: Pre News Manager v1.0
Next by Date: rPSA-2006-0082-1 vixie-cron
Previous by thread: Re: modules name(Sections)SQL Injection Exploit
Next by thread: modules name(Downloads)SQL Injection Exploit
Index(es):
- Date
- Thread