Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability
# 1  
Old 02-26-2008
S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability
The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is LOW. Expoiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Discussion started by: crombiecrunch
0 Replies

2. Solaris

Installing ZIP module for PHP

Hi Guys, I am using SOLARIS 10 and I want to install ZIP module for PHP. I went to this link http://pecl.php.net/package/zip and I choose zip-1.12.3.tgz, the latest "stable" release, and then transferred it to my server. Then I went to my path /usr/local/apache2/conf then untar the... (1 Reply)
Discussion started by: Phuti
1 Replies

3. UNIX for Dummies Questions & Answers

How do I list kernel module parameter values?

Hi, I have problem with parameter configuration. My question is after the configuration, how to check if successfully change the value or not? I saw someone has the same question, and followed his steps. Original thread:... (3 Replies)
Discussion started by: skybb
3 Replies

4. UNIX for Dummies Questions & Answers

PHP Module

Ok..i've installed Apache 1.3.14, and it runs... BUT...I can't figure out how to get the php-4.0.4 module to run, and i've read through the install file and EVERYTYHING, aafter about 10 attempts I pissed myself off enough to goto sleep...Can anyone suggest a place to look for a lil bit more help?... (10 Replies)
Discussion started by: ComTec
10 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

themole

THEMOLE(1)						      General Commands Manual							THEMOLE(1)

NAME

       themole - automatic SQL injection exploitation tool

SYNOPSIS

       themole [ -h ] [ -u url ] [ -n needle ] [-t num_threads]

DESCRIPTION

       The Mole is a command line interface SQL Injection exploitation tool.  This application is able to exploit both union-based and blind bool-
       ean-based injections.

       Every action The Mole can execute is triggered by a specific command.  All this application requires in order to exploit a SQL Injection is
       the URL(including the parameters) and a needle(a string) that appears in the server's response whenever the injection parameter generates a
       valid query, and does not appear otherwise.

OPTIONS

       -h     Shows the help message and exits.

       -u url Sets the url of the mole's instance to url.

       -n needle
	      Sets the needle of the mole's instance to needle. It must be a string that appears when the injection returns  true  and	disappears
	      when the injection is false.

       -t threads
	      Sets the max number of concurrent requests that the mole will be making.	Cannot be changed at runtime.

SEE ALSO

       The program provides interactive documentation, refer also to the official README file.

AUTHOR

       This manual page was written by Santiago Alessandri <salessandri@nasel.com.ar>

								 November 24 2011							THEMOLE(1)