In association with heise online

24 January 2008, 12:06

SQL injection hole in PHP Nuke

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

An SQL injection vulnerability in the PHP Nuke content management system reportedly provides access to the underlying database. An exploit has been published at Milw0rm for the flaw in the modules.php script. This script passes the parameter sid to the modules/Search/index.php script unfiltered. Attackers can use manipulated sid parameters to send their own SQL queries to the database, allowing them to read password hashes or other information. To do so, however, the option magic_quotes_g pc must be disabled. By default, the PHP Nuke installer sets them to on.

According to the report, the exploit has already been tested successfully on PHP Nuke 6.0, 6.6, 7.9 and 8.0. Other versions are probably also affected. Further tests will reveal whether the current version 8.1 also contains the vulnerability. As a workaround, set the option magic_quotes_gpc = on in php.ini.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit