PHPNews prior 1.2.4 sendtofriend.php SQL injection 1.0
 
Plugin ID: 319
Plugin name: PHPNews prior 1.2.4 sendtofriend.php SQL injection
Plugin filename: PHPNews prior 1.2.4 sendtofriend.php SQL injection.plugin
Plugin filesize: 2252 bytes
Plugin family: CGI
Plugin version: 1.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure exploit: open|send GET /phpnews/sendtofriend.php?mid='1' HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *mysql_fetch_assoc():*
Plugin exploit accuracy: 98
Plugin comment: The NASL script is Copyright (C) 2004 Tenable Network Security.
Bug published name: AccessX
Bug affected: PHPNews prior 1.2.4
Bug not affected: PHPNews newer than 1.2.4
Bug vulnerability class: SQL Injection
Bug description: The remote host is using PHPNews, an open source news application that uses a database to store its content. A vulnerability exists in the remote version of this software which may allow an attacker to inject arbitrary SQL code and possibly execute arbitrary code, due to improper validation of user-supplied input in the 'mid' parameter of the script 'sendtofriend.php'.
Bug solution: Upgrade to version 1.2.4 of this software.
Bug fixing time: Approx. 30 minutes
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/11748/exploit/
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 6
Bug simplicity: 8
Bug impact: 8
Bug risk: 7
Bug Nessus risk: High
Bug check tools: Nessus can check this flaw with the plugin 15861 (PHPNews sendtofriend.php SQL injection).
Source SecurityFocus BID: 11748
Source Nessus ID: 15861
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.