Vulnerabilities > CVE-2002-1242 - SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
francisco-burzi
nessus
exploit available

Summary

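SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. Note that the CVSS breakdown above lists "Privileges required: NONE", while this description says the attacker is an authenticated user; take that difference into account when prioritising.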

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
1

Exploit-Db

description: PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability. CVE-2002-1242. Webapps exploit for php platform
id: EDB-ID:21977
last seen: 2016-02-02
modified: 2002-11-01
published: 2002-11-01
reporter: kill9
source: https://www.exploit-db.com/download/21977/
title: PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability

Nessus

NASL family: CGI abuses
NASL id: PHP_NUKE_INSTALLED.NASL
description: The remote host is running a copy of PHP-Nuke. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was clearly not in the mind of the persons who wrote it. The author of PHP-Nuke (Francisco Burzi) even started to rewrite the program from scratch, given the huge number of vulnerabilities.
last seen: 2020-06-02
modified: 2003-02-17
plugin id: 11236
published: 2003-02-17
reporter: This script is Copyright (C) 2003-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11236
title: PHP-Nuke Detection
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Description phase: when the plugin is loaded with `description` set, it only
# registers its metadata (IDs, references, text, scheduling constraints) and
# exits; no request is sent to the target from this branch.
if (description)
{
 script_id(11236);
 script_version ("1.39");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

 # References attached to the finding. NOTE(review): the runtime part of this
 # script (check()) only recognises the PHP-Nuke generator banner; it does not
 # test for any of these CVEs or determine a version, so a hit means
 # "PHP-Nuke is present", not "this CVE is confirmed".
 script_cve_id(
  "CVE-2001-0292",
  "CVE-2001-0320",
  "CVE-2001-0854",
  "CVE-2001-0911",
  "CVE-2001-1025",
  "CVE-2002-0206",
  "CVE-2002-0483",
  "CVE-2002-1242",
  "CVE-2003-1400",
  "CVE-2003-1435"
 );
 script_bugtraq_id(
  6446,
  6465,
  6503,
  6750,
  6887,
  6890,
  7031,
  7060,
  7078,
  7079
 );

 script_name(english:"PHP-Nuke Detection");
 script_summary(english:"Determines if PHP-Nuke is installed on the remote host");

 script_set_attribute(attribute:"synopsis", value:
"A remote web application might be affected by several vulnerabilities.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a copy of PHP-Nuke.

Given the insecurity history of this package, the Nessus team
recommends that you do not use it but use something else instead, as
security was clearly not in the mind of the persons who wrote it. 

The author of PHP-Nuke (Francisco Burzi) even started to rewrite the
program from scratch, given the huge number of vulnerabilities");
 script_set_attribute(attribute:"see_also", value:"https://www.phpnuke.org/modules.php?name=News&file=article&sid=5640");
 script_set_attribute(attribute:"solution", value:
"De-install this package and use something else.");
 # One CVSSv2 vector for the whole plugin (network, low complexity, no
 # authentication, partial C/I/A). NOTE(review): individual CVEs in the list
 # above may not match Au:N -- e.g. the CVE-2002-1242 advisory text describes an
 # authenticated attacker -- so confirm per CVE before prioritising.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 # NOTE(review): "exploit_available" is "false" although the temporal vector
 # above is E:POC (proof-of-concept code exists); the two attributes disagree.
 script_set_attribute(attribute:"exploit_available", value:"false");
 # CWE-79 (cross-site scripting) and CWE-89 (SQL injection).
 script_cwe_id(79, 89);

 script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/17");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:phpnuke:php-nuke");
 script_end_attributes();

 # Scheduling: registered as an information-gathering check that depends on
 # webmirror.nasl and http_version.nasl, is excluded when the
 # Settings/disable_cgi_scanning KB key is set, and requires the www/PHP key.
 # NOTE(review): port 80 is listed here, while the runtime section calls
 # get_http_port(default:8080) -- confirm which fallback port is intended.
 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 script_copyright(english:"This script is Copyright (C) 2003-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_dependencie("webmirror.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Pick the HTTP port to test; `port` is a global read by check() and by the
# reporting loop below. The php argument presumably restricts the choice to
# servers already known to support PHP -- confirm against http.inc.
# NOTE(review): the fallback here is 8080, while script_require_ports() in the
# description block lists 80 -- confirm which default is intended.
port = get_http_port(default:8080, php: 1);

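# Probe one candidate directory for a PHP-Nuke front page.
#
# loc: directory path to test; a trailing '/' is appended before the request.
# Returns 1 (after recording the install in the KB) when the fetched page
# identifies itself as PHP-Nuke, 0 otherwise. Reads the global `port`.
#
# Detection caveat: the match relies solely on a "GENERATOR ... PHP-Nuke"
# string in the response. A site that strips or rewrites that tag is not
# detected, and a match says nothing about the installed version or about any
# specific CVE -- the KB entry is therefore recorded as version "unknown".
function check(loc)
{
 local_var r;

 loc += '/';
 # With exit_on_fail set, a failed request ends the plugin instead of
 # returning, so r is expected to be usable below.
 r = http_send_recv3(method:"GET", item:string(loc), port:port, follow_redirect: 2, exit_on_fail: TRUE);

 # Cheap substring test first, then the regex on the same response part.
 if ("PHP-Nuke" >< r[2] &&
     egrep(pattern:"GENERATOR.*PHP-Nuke.*", string:r[2]))
 {
  # loc always ends in '/' at this point, so the former empty-path fallback
  # (if (!loc) loc = "/") could never run and has been dropped.
  set_kb_item(name:"www/" + port + "/php-nuke", value:"unknown under " + loc);
  set_kb_item(name:"www/php-nuke", value: TRUE);
  return(1);
 }

 return(0);
}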

 
# Try each known CGI directory and stop at the first one that looks like
# PHP-Nuke. The report is raised through security_hole() on the mere presence
# of the product; no version or vulnerability check precedes it, so treat the
# finding as an inventory hit to be confirmed against the installed release.
foreach dir (cgi_dirs())
{
 if (check(loc:string(dir)))
 {
  security_hole(port);
  exit(0);
 }
}

# No directory matched: exit with an explanatory message.
exit(0, "PHP-Nuke was not found on the web server on port "+port+".");