SQL injection hole in PHP Nuke
An SQL injection vulnerability in the PHP Nuke content management system reportedly provides access to the underlying database. An exploit has been published at Milw0rm for the flaw in the modules.php script. This script passes the parameter sid to the modules/Search/index.php script unfiltered. Attackers can use manipulated sid parameters to send their own SQL queries to the database, allowing them to read password hashes or other information. For this to work, however, the option magic_quotes_gpc must be disabled. By default, the PHP Nuke installer sets it to on.
According to the report, the exploit has already been tested successfully on PHP Nuke 6.0, 6.6, 7.9 and 8.0. Other versions are probably also affected. Further tests will reveal whether the current version 8.1 also contains the vulnerability. As a workaround, set the option magic_quotes_gpc = on in php.ini.
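One way to verify the workaround on a server, as an added example that is not part of the original report or of PHP Nuke: the function below reads php.ini text and an optional `.htaccess` and reports the effective `magic_quotes_gpc` value and where it was set. The function names, the sample file contents, and the `builtin_default` value are assumptions made for this illustration.

```python
import re

# Values PHP's ini parser treats as boolean "on" (case-insensitive).
TRUE_VALUES = {"1", "on", "yes", "true"}

# php.ini assignment; anything after ';' on the line is a comment.
INI_RE = re.compile(r"^\s*magic_quotes_gpc\s*=\s*([^;]*)")
# Apache mod_php per-directory override, e.g. "php_flag magic_quotes_gpc off".
FLAG_RE = re.compile(r"^\s*(?i:php_(?:flag|value))\s+magic_quotes_gpc\s+(\S+)")

def _is_on(value):
    return value.strip().strip("\"'").lower() in TRUE_VALUES

def effective_setting(php_ini, htaccess="", builtin_default=True):
    """Return (enabled, source) for magic_quotes_gpc.

    builtin_default is an assumption about the PHP build; it is used only
    when neither file sets the directive.
    """
    enabled, source = builtin_default, "built-in default"
    for line in php_ini.splitlines():
        m = INI_RE.match(line)      # lines commented out with ';' do not match
        if m:
            enabled, source = _is_on(m.group(1)), "php.ini"    # last one wins
    for line in htaccess.splitlines():
        m = FLAG_RE.match(line)     # lines commented out with '#' do not match
        if m:
            enabled, source = _is_on(m.group(1)), ".htaccess"  # overrides php.ini
    return enabled, source

# Constructed sample files, not taken from any real installation.
SAMPLE_INI = """\
[PHP]
;magic_quotes_gpc = On
magic_quotes_gpc = Off   ; switched off by a previous admin
magic_quotes_runtime = Off
"""
SAMPLE_HTACCESS = "# php_flag magic_quotes_gpc off\nphp_flag magic_quotes_gpc on\n"

if __name__ == "__main__":
    for label, args in (("php.ini only", (SAMPLE_INI,)),
                        ("with .htaccess", (SAMPLE_INI, SAMPLE_HTACCESS))):
        enabled, source = effective_setting(*args)
        print(f"{label}: magic_quotes_gpc={'on' if enabled else 'OFF'} ({source})")
```

A result of off from either source means the workaround is not in effect for that directory. The directive was removed in PHP 5.4, so this check only applies to older installations.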
- PHP Nuke `sid` sql injection exploit for Search module, exploit at Milw0rm
(mba)