 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 164 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
 Li-Nux writes "Security Advisory about Meta Keywords Module
Together Team s.r.l. Security Advisory
Advisory: PNM00001
Critical Level: Medium
Category: PHP-Nuke
Sub-Category: ADD-ON Module
Attack Type: SQL-Injection
Target: Meta Keywords Module by Prophet (http://musicodezone.com/front/modules.php?name=Downloads&d_op=viewdownload&cid=3)
Found By: Francesco Marasco aka Li-Nux - Together Team s.r.l.
Description:
It's possible from an anonymous user to inject sql instruction to RDBMS by perform:
http://www.domain.com/modules.php?name=Meta_Tags&op=addToMyMeta&tag=&clear=&list=[SQL-INJECTION HERE]
Test:
Before execute proof-of-code exploit:
mysql> select * from nuke_meta;
+---------+
| tags |
+---------+
| PHPNUKE |
+---------+
1 row in set (0.08 sec)
After execute proof-of-code exploit:
mysql> select * from nuke_meta;
+------+
| tags |
+------+
| TEST |
+------+
1 row in set (0.00 sec)
"
|
|
Posted on Tuesday, February 01 @ 04:54:57 CET by TogetherTeam |
|
|
|
|
| |
|
Average Score: 3.66
Votes: 3
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Meta Keywords Module (Score: 1)
by Prophet on Tuesday, February 01 @ 11:35:34 CET
(User Info | Send a Message) http://jasonlau.biz | Sorry people.
I am working on this as we speak.
There will be a new version availble shortly at the same location.
Thanks for the advisory!
Jae |
| | | | |
|
|
