PHP-Nuke 8.0 (mod Surveys) SQL Injection Vulnerability
# platform : php
# Impact : Remote SQL Injection
# Tested on : Windows XP sp3 en
# Vulnerability in page ..\Surveys\index.php :
function pollMain($pollID) {
global $boxTitle, $boxContent, $pollcomm, $user, $cookie, $prefix, $module_name, $db, $userinfo;
$pollID = intval($pollID);
if(!isset($pollID))
$pollID = 1;
...
....
$result_a = $db->sql_query("SELECT pollTitle, voters FROM ".$prefix."_poll_desc WHERE pollID='$pollID'");
list($pollTitle, $voters) = $db->sql_fetchrow($result_a);
..............}
# Exploit :
http://[loaclhost]/[path]/modules/Surveys/modules.php?
name=Surveys&op=results&pollID=[SQL-Inj3cTion]
No comments:
Post a Comment