PHP-Nuke 4nChat Module "roomid" Parameter Handling Remote SQL Injection Vulnerability

 

Release Date: 07/03/2008
Severity: Moderately Critical
SecWatch Advisory: SWID1020587
Cause: Input validation error
Solution Status: Unpatched
Impact: SQL Injection
Exploit Status: PoC Available
Access Vector: From remote
 
Affected Software: 4nChat 0.x (module for PHP-Nuke)
 
Original Advisory: http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3058
CVE: CVE-2008-1219, CVE-2008-1220
Secunia: SA29279
Bugtraq ID: BID#28128

 

Description:

An input validation vulnerability in the 4nChat module for PHP-Nuke has been reported, which can be exploited by remote users to conduct SQL injection attacks.

User-supplied input passed to the "roomid" parameter is not properly sanitised before being used in SQL queries. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.

 

Affected:

PHP-Nuke 4nChat module version 0.91. Other versions may also be affected.

 

Proof of Concept:

SQL Injection:
http://[target]/modules.php?name=modload&name=4nChat&file=index&roomid=[SQL]

 

Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.

Filter malicious characters and character sequences via an HTTP proxy or firewall with URL filtering capabilities.
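
The filtering advice above can also be applied to web server logs to find requests that reached the module with an unexpected "roomid" value. The following is an added example, not part of the original advisory or of the 4nChat code. It assumes that legitimate "roomid" values are short decimal integers and that requests are logged in combined access-log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate room identifier is a short decimal integer.
ROOMID_OK = re.compile(r"[0-9]{1,10}")

# Request target inside a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def roomid_is_suspicious(target):
    """True if the request addresses the 4nChat module with a non-numeric roomid."""
    parts = urlsplit(target)
    if not parts.path.endswith("modules.php"):
        return False
    # parse_qs percent-decodes values and keeps every occurrence of a repeated key.
    params = parse_qs(parts.query, keep_blank_values=True)
    # The advisory's URL repeats "name" (PHP keeps the last one), so check all values.
    names = [n.lower() for n in params.get("name", [])]
    if "4nchat" not in names:
        return False
    return any(not ROOMID_OK.fullmatch(v) for v in params.get("roomid", []))


def flag_lines(lines):
    """Return the log lines whose request target fails the roomid allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and roomid_is_suspicious(m.group(1)):
            hits.append(line)
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2008:10:00:01 +0000] "GET /modules.php?name=4nChat&file=index&roomid=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Mar/2008:10:00:07 +0000] "GET /modules.php?name=modload&name=4nChat&file=index&roomid=1%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [07/Mar/2008:10:00:09 +0000] "GET /modules.php?name=News&roomid=x HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print(hit)
```

The same allowlist pattern can serve as the URL-filter rule on a proxy in front of the site; it does not replace fixing the query in the module's source.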

 

Credits:

meloulisi

 
