lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <9bb1c1bdead1f2a32235826f96765782.hackers@hackers.ir>
Date: Fri, 29 Sep 2006 09:43:36 +0330
From: "Omid" <omid@...kers.ir>
To: <bugtraq@...urityfocus.com>
Subject: Sql injection in PostNuke [Admin section]

Hi,
There is a sql injection bug in PostNuke 0.762 admin section (and maybe
before versions) .
The "hits" parameter is not checked properly before be used in sql query :

File /modules/Downloads/admin.php, Line 1586 :
::     $dbconn->Execute("INSERT INTO $downtable
::                         ($column[lid],
::                          $column[cid],
::                          $column[sid],
::                          $column[title],
::                          $column[url],
::                          $column[description],
::                          $column[date],
::                          $column[name],
::                          $column[email],
::                          $column[hits],
::                          $column[submitter],
::                          $column[downloadratingsummary],
::                          $column[totalvotes],
::                          $column[totalcomments],
::                          $column[filesize],
::                          $column[version],
::                          $column[homepage])
::                       VALUES
::                         (" . (int)pnVarPrepForStore($newid) . ",
::                          " . (int)pnVarPrepForStore($cat[0]) .",
::                          " . (int)pnVarPrepForStore($cat[1]) .",
::                          '" . pnVarPrepForStore($title) . "',
::                          '" . pnVarPrepForStore($url) . "',
::                          '" . pnVarPrepForStore($description) . "',
::                           " . $dbconn->DBTimestamp(time()) . ",
::                          '" . pnVarPrepForStore($name) . "',
::                          '" . pnVarPrepForStore($email) . "',
**                           " . pnVarPrepForStore($hits) . ",
::                          '" . pnVarPrepForStore($submitter) . "',
::                          0,
::                          0,
::                          0,
::                          '" . pnVarPrepForStore($filesize) . "',
::                          '" . pnVarPrepForStore($version) . "',
::                          '" . pnVarPrepForStore($homepage) . "')");

The bug is in admin section, so it doesnt seem to be critical .
Also, "PostNuke 0.800 Milestone 2" has been released .


- Omid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ