[prev in list] [next in list] [prev in thread] [next in thread]
List: vulnwatch
Subject: [VulnWatch] Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6
From: Paul Laudanski <zx () castlecops ! com>
Date: 2005-03-26 18:33:25
Message-ID: Pine.LNX.4.44.0503261328560.8741-100000 () bugsbunny ! castlecops ! com
[Download RAW message or body]
On 26 Mar 2005, Gerardo Astharot Di Giacomo wrote:
> Product: NukeBookmarks .6
> URL: http://nukebookmarks.sourceforge.net/
> 1) Full path disclosure
> It's possible to retrieve the full installation URL of the website. In "marks.php" \
> file, there are some queries to the database. If some parameters miss or some \
> strange characters are submitted, the functions that get results from the database \
> will return an error.
I can understand how full path disclosure can be an issue, however, in a
production environment the PHP settings to display errors ought to be
disabled. As such, full path disclosure goes away.
> 3) SQL Injection
> It's possible to get any content from the database by exploiting a SQL Injection \
> vulnerability in "marks.php" file.
> This example will get the list of PHPNuke authors and the relative hashes of the \
> passwords.
That is true if the default table names are used. However it would be
worth noting that with any web presence that uses a backend database, the
prefix ought to be changed to something random and non-default.
Does this completely solve the issue, of course not, but it can stop the
script kiddy attacks. For more on this:
http://unixwiz.net/techtips/sql-injection.html
Thanks for the disclosure.
--
Sincerely,
Paul Laudanski .. Computer Cops, LLC.
CastleCops(SM)... http://castlecops.com
CC Blog ......... http://blog.castlecops.com
Staff Blogs ..... http://busterbunny.castlecops.com
Our Vision ...... http://castlecops.com/postt63382.html
http://cuddlesnkisses.com http://justalittlepoke.com http://zhen-xjell.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic