PHP-Nuke SQL Injection Vulnerability Reported

    Date: 25 Sep 2002
    Category: Hacks/Cracks
    Posted By: Anthony Pell
    All PHP-Nuke versions, including the just released 6.0, are vulnerable to a very simple SQL injection that may lead to a basic DoS attack. When the script is stopped, the server will take a few minutes to recover from the load and become accessible again.
    Date: 25 Sep 2002 17:25:46 -0000
    From: Pedro Inacio
    Subject: PHP-Nuke x.x SQL Injection

    Hello,

    All PHP-Nuke versions, including the just released 6.0, are vulnerable to a very simple SQL injection that may lead to a basic DoS attack.

    For instance, if you create a short script, to send a few requests, (I have tested with just 6) similar to this:

    http://www.nukesite.com/modules.php?name=News&file=article&sid=1234%20or%201=1

    after a real short time the load of the machine is so high that it will become inaccessible.

    When the script is stopped, the server will take a few minutes to recover from the load and become accessible again.

    Well, the number of requests depends on your MySQL parameters and hardware, but in general all the tested php-nuke sites were vulnerable and became inaccessible.

    If you are running PHP-Nuke, I suggest the creation of some filters to avoid this kind of attack.

    Other things can be made, but I will not talk about them now. I will wait until Francisco fixes them.

    Francisco was notified a month ago, but the problems persist. Maybe he is busy reading the new revision of the "Building Secure Web Applications and Web Services" OWASP document. :]

    Cheers,

    Pedro Inacio
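
One way to build the kind of filter the report recommends for the `sid` parameter, as an added example that is not PHP-Nuke's code or the reporter's. The `stories` table and the functions `fetch_unsafe`, `parse_sid` and `fetch_safe` are hypothetical, the concatenated query is an assumed pattern, and in-memory SQLite stands in for MySQL; the output contrasts how many rows each lookup touches for the `sid` value quoted in the report.

```php
<?php
// Added example. Table, column and function names are hypothetical (not PHP-Nuke's);
// in-memory SQLite via PDO stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (sid INTEGER PRIMARY KEY, title TEXT)');
$ins = $db->prepare('INSERT INTO stories (sid, title) VALUES (?, ?)');
for ($i = 1; $i <= 1000; $i++) {
    $ins->execute([$i, "Story $i"]);          // constructed sample rows
}

// Assumed vulnerable pattern: the request value is concatenated into the statement.
function fetch_unsafe(PDO $db, string $sid): array {
    return $db->query("SELECT sid, title FROM stories WHERE sid = $sid")->fetchAll(PDO::FETCH_ASSOC);
}

// Filter: accept only a positive integer; strings with extra text and arrays are rejected.
function parse_sid($raw): ?int {
    $sid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $sid === false ? null : $sid;
}

// Hardened lookup: validated value, bound as a typed parameter, one row at most.
function fetch_safe(PDO $db, $raw): array {
    $sid = parse_sid($raw);
    if ($sid === null) {
        return [];                            // caller answers 400 without touching the database
    }
    $st = $db->prepare('SELECT sid, title FROM stories WHERE sid = :sid LIMIT 1');
    $st->bindValue(':sid', $sid, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// The sid value from the report, decoded the way PHP decodes $_GET values.
$fromPage = urldecode('1234%20or%201=1');
printf("unsafe sid=%s: %d row(s)\n", json_encode('42'), count(fetch_unsafe($db, '42')));
printf("unsafe sid=%s: %d row(s)\n", json_encode($fromPage), count(fetch_unsafe($db, $fromPage)));
foreach (['42', $fromPage, '42abc', '-1', ['42']] as $raw) {
    printf("safe   sid=%s: %d row(s)\n", json_encode($raw), count(fetch_safe($db, $raw)));
}
```

Run it with the `php` command-line interpreter; it needs the `pdo_sqlite` extension.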