Meta Keywords Module
Date: Tuesday, February 01 @ 04:54:57 CET Topic: Security
Security Advisory about Meta Keywords Module
Together Team s.r.l. Security Advisory
Advisory: PNM00001
Critical Level: Medium
Category: PHP-Nuke
Sub-Category: ADD-ON Module
Attack Type: SQL-Injection
Target: Meta Keywords Module by Prophet (http://musicodezone.com/front/modules.php?name=Downloads&d_op=viewdownload&cid=3)
Found By: Francesco Marasco aka Li-Nux - Together Team s.r.l.
Description:
It's possible from an anonymous user to inject sql instruction to RDBMS by perform:
http://www.domain.com/modules.php?name=Meta_Tags&op=addToMyMeta&tag=&clear=&list=[SQL-INJECTION HERE]
Test:
Before execute proof-of-code exploit:
mysql> select * from nuke_meta;
+---------+
| tags |
+---------+
| PHPNUKE |
+---------+
1 row in set (0.08 sec)
After execute proof-of-code exploit:
mysql> select * from nuke_meta;
+------+
| tags |
+------+
| TEST |
+------+
1 row in set (0.00 sec)
|
|