Another bug in phpNuke

From: David Page (david@melaniepage.worldonline.co.uk)
Date: 07/28/01 

Message-ID: <008401c116fe$0f6a3f10$0100a8c0@davids>
From: "David Page" <david@melaniepage.worldonline.co.uk>
To: <bugtraq@securityfocus.com>
Subject: Another bug in phpNuke
Date: Sat, 28 Jul 2001 01:41:31 +0100

Yes, i have found some bugs also...

You can execute artibility mysql statments in many of its different
scripts...

reviews.php for example..

The parmenter with the id (reviews.php?id=blah) *think* doesn't check... so
you can simply do reviews.php?id=12345 or ........ blah blah blah

I don't think its possible to execute multiple sql statments in
mysql_query(.....)

php4 will also (addslashes) automatically to ' and ". I don't think php3
does...

I contacted phpNuke 8 days ago.

Relevant Pages

  • Re: SERIOUS BUG IN PHPNUKE
    ... Subject: SERIOUS BUG IN PHPNUKE ... > The preview of the Registration Form allows Javascript in the ... > so this helps to will in variables in javascript. ...
    (Vuln-Dev)
  • Re: SERIOUS BUG IN PHPNUKE
    ... Subject: SERIOUS BUG IN PHPNUKE ... > The preview of the Registration Form allows Javascript in the ... > so this helps to will in variables in javascript. ...
    (Bugtraq)
  • Re: SERIOUS BUG IN PHPNUKE
    ... Subject: SERIOUS BUG IN PHPNUKE ... > This only happens with images(tag is used) so ... >> Some fields in the registration form allow code ...
    (Vuln-Dev)
  • [waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions
    ... Target software description: ... What is phpNuke? ... Potentially harmful cross-site scripting bug has been found in phpNuke software. ... that html tags injection is really possible. ...
    (Bugtraq)
  • Re: SERIOUS BUG IN PHPNUKE
    ... Subject: SERIOUS BUG IN PHPNUKE ... This only happens with images(tag is used) so ... the root site path too. ...
    (Vuln-Dev)