| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9dfcd0928dad1ceec5e81543ff7804e5@criolabs.net>
Date: Thu, 09 Sep 2004 21:20:50 -0400
From: Criolabs <security@...olabs.net>
To: bugtraq@...urityfocus.com
Subject: SQL-Injection in Subjects 2.0 for Postnuke
****************************************************************************************************
CRIOLABS
- Software: Subjects 2.0
- Type: Postnuke module
- Vendor: Postnuke Modules Factory.
****************************************************************************************************
## Software ##
Software: Subjects Postnuke module
Version: 2.0
Plataforms: Unix/Win/PHP/MySQL/Postnuke
Web: http://home.postnuke.ru
## Vendor Description ##
Module is designed for structured store & display text content with a possibility to store
content in file on the disc. Probably, the best one for converting existing based on HTML pages
site to PostNuke.
## Vulnerabilities ##
Sql-Injection in pageid, subid, catid variables.
## Sql-Injection ##
The previous variables are vulnerables to SQL-Injection attacks.
These SQL injection vulnerabilities allow a remote user to inject arbitrary SQL commands.
/index.php?module=subjects&func=listpages&subid=[SQL]
/index.php?module=subjects&func=viewpage&pageid=[SQL]
/index.php?module=subjects&func=listcat&catid=[SQL]
## History ##
Vendor contacted but no response.
## Solution ##
There is no solution at this time, we recommend to remove immediately this module
## Credits ##
Criolabs staff
Original advisory and proof of concept at http://www.criolabs.net/advisories/subjects2.txt
Powered by blists - more mailing lists