Hello again, just to say that PostNuke ( fork of PHP-Nuke ) is vulnerable to the same bugs AND it is possible to inject different SQL code in order to do other "funny" but "dangerous" things.
Note to the guys of those projects: Filter those URL entries!!! Cheers, Pedro Inacio ----- Original Message ----- From: "Pedro Inacio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 25, 2002 1:02 AM Subject: [Full-Disclosure] PHP-Nuke x.x SQL Injection > Hello, > > All PHP-Nuke versions, including the just released 6.0, are vulnerable to a > very simple SQL injection that may lead to a basic DoS attack. > > For instance, if you create a short script, to send a few requests, (I have > tested with just 6) similar to this: > > http://www.nukesite.com/modules.php?name=News&file=article&sid=1234%20or%201 > =1 > > after a real short time the load of the machine is so high that it will > become inacessible. > When the script is stopped, the server will take a few minutes to recover > from the load and become acessible again. > > Well, the number of requests depends on your MySQL parameters and hardware, > but in general all the tested php-nuke sites where vulnerable and become > inacessible. > > If you are running PHP-Nuke, I suggest the creation of some filters to avoid > this kind of attack. > Other things can be made, but I will not talk about them now. I will wait > until Francisco fix them. > > Francisco was noticed a month ago, but the problems persist. > > Cheers, > > Pedro Inacio > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
