You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 70 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - phpbb sql injection involve phpnuke? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

phpbb sql injection involve phpnuke?
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
beebar
Private
Private


Joined: Apr 07, 2003
Posts: 45
PostPosted: Thu Jun 19, 2003 12:00 pm Reply with quoteBack to top
There is sql injection vuln in phpBB. The variable "topic_id" is passed
directly from GET to sql query in /viewtopic.php. It can be used
to get md5 passwords for users.

Would this have anything to do with phpnuke?

I have proof of concept code if any cops need to look.
Find all posts by beebarView user's profileSend private message
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
PostPosted: Thu Jun 19, 2003 12:27 pm Reply with quoteBack to top
Please feel free to upload it and let us know you did.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
beebar
Private
Private


Joined: Apr 07, 2003
Posts: 45
PostPosted: Thu Jun 19, 2003 12:32 pm Reply with quoteBack to top
Done!
Find all posts by beebarView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.183 Seconds - 303 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::