76687 2002-09-25  22:03  /36 lines/ Pedro Inacio <pedro.inacio@ptnix.com>
Imported: 2002-09-25  22:03  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <1672>
Subject: PHP-Nuke x.x SQL Injection
------------------------------------------------------------


Hello,

All PHP-Nuke versions, including the just released 6.0, are
vulnerable to a very simple SQL injection that may lead to a basic
DoS attack.

For instance, if you create a short script to send a few requests
(I have tested with just 6) similar to this:

http://www.nukesite.com/modules.php?name=News&file=article&sid=1234%20or%201=1

after a real short time the load of the machine is so high that it
will become inaccessible.  When the script is stopped, the server will
take a few minutes to recover from the load and become accessible
again.

Well, the number of requests depends on your MySQL parameters and
hardware, but in general all the tested php-nuke sites were
vulnerable and became inaccessible.

If you are running PHP-Nuke, I suggest the creation of some filters
to avoid this kind of attack.  Other things can be made, but I will
not talk about them now. I will wait until Francisco fixes them.

Francisco was notified a month ago, but the problems persist.
Maybe he is busy reading the new revision of the "Building Secure Web 
Applications and Web Services" OWASP document. :]

Cheers,

Pedro Inacio
(76687) /Pedro Inacio <pedro.inacio@ptnix.com>/(Re-wrapped)
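
The post recommends filtering such requests. As an added example (not part of the original post and not PHP-Nuke code), the following Python script applies a strict numeric check to the `sid` parameter and counts, per client, the access-log requests that fail it. The log format, the sample lines, the 10-digit limit on `sid`, the threshold of 3 and the function names are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges, made-up sizes).
GOOD = ('192.0.2.10 - - [25/Sep/2002:22:01:00 +0100] '
        '"GET /modules.php?name=News&file=article&sid=1234 HTTP/1.0" 200 5120')
BAD = ('198.51.100.7 - - [25/Sep/2002:22:01:02 +0100] '
       '"GET /modules.php?name=News&file=article&sid=1234%20or%201=1 HTTP/1.0" 200 48211')
TYPO = ('203.0.113.5 - - [25/Sep/2002:22:01:05 +0100] '
        '"GET /modules.php?name=News&file=article&sid=12x HTTP/1.0" 200 310')
SAMPLE_LOG = "\n".join([GOOD] + [BAD] * 6 + [TYPO, GOOD])

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SID_RE = re.compile(r"[0-9]{1,10}")  # assumption: sid is a short decimal id


def sid_is_valid(url):
    """True when every sid parameter in the URL is a plain decimal integer."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # parse_qs percent-decodes names and values, so %20 cannot hide the payload.
    return all(SID_RE.fullmatch(v) for v in params.get("sid", []))


def suspicious_clients(log_text, threshold=3):
    """Clients that sent at least `threshold` requests with a non-numeric sid."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and not sid_is_valid(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests with a non-numeric sid")
```

The same allow-list rule (digits only, bounded length) is what an input filter in front of the application would enforce before the value reaches the SQL query.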