• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHP-Nuke GBook Module HTML Injection Vulnerability

Severity: MODERATE

Description:

PHP-Nuke is web portal software. GBook is a guestbook module for PHP-Nuke.

A vulnerability has been reported to exist in the software that may allow a remote attacker to carry out HTML injection attacks in order to steal sensitive data such as authentication credentials.

It has been reported that due to insufficient sanitization of user-supplied data, various parameters passed to the GBook module are vulnerable to HTML injection. Some of the affected parameters include 'name', 'email', 'city', and 'message'. As a result, users may include malicious HTML and script code inside of guestbook entries. The attacker-supplied code will be rendered in the web client of the user who views a malicious guestbook entry, and will be executed in the security context of the site hosting the guestbook software.

It has been noted that GBook employs HTTP POST requests to communicate with the server and HTTP POST requests are filtered by PHP-Nuke. Due to this, an attacker may not be able to directly inject HTML code into the site, however, an attacker may pass malicious HTML code via a '$_COOKIE' array. '$_COOKIE' arrays are reportedly not filtered by PHP-Nuke. If administrative access is enabled in the software, this may allow the attacker to steal cookie-based authentication credentials from the administrative guestbook user. Other attacks may be possible as well.

Gbook script for PHP-Nuke version 1.0 has been tested for this issue, however, it is likely that other versions of PHP-Nuke are vulnerable as well.

Affected Products:

• Francisco Burzi PHP-Nuke 1.0.0
• Francisco Burzi PHP-Nuke 2.5.0
• Francisco Burzi PHP-Nuke 3.0.0
• Francisco Burzi PHP-Nuke 4.0.0
• Francisco Burzi PHP-Nuke 4.3.0
• Francisco Burzi PHP-Nuke 4.4.0
• Francisco Burzi PHP-Nuke 4.4.1a
• Francisco Burzi PHP-Nuke 5.0.0
• Francisco Burzi PHP-Nuke 5.0.1
• Francisco Burzi PHP-Nuke 5.1.0
• Francisco Burzi PHP-Nuke 5.2.0
• Francisco Burzi PHP-Nuke 5.2.0a
• Francisco Burzi PHP-Nuke 5.3.1
• Francisco Burzi PHP-Nuke 5.4.0
• Francisco Burzi PHP-Nuke 5.5.0
• Francisco Burzi PHP-Nuke 5.6.0
• Francisco Burzi PHP-Nuke 6.0.0
• Francisco Burzi PHP-Nuke 6.5.0
• Francisco Burzi PHP-Nuke 6.5.0 BETA 1
• Francisco Burzi PHP-Nuke 6.5.0 FINAL
• Francisco Burzi PHP-Nuke 6.5.0 RC1
• Francisco Burzi PHP-Nuke 6.5.0 RC2
• Francisco Burzi PHP-Nuke 6.5.0 RC3
• Francisco Burzi PHP-Nuke 6.6.0
• Francisco Burzi PHP-Nuke 6.7.0
• Francisco Burzi PHP-Nuke 6.9.0
• Francisco Burzi PHP-Nuke 7.0.0
• Francisco Burzi PHP-Nuke 7.0.0 FINAL
• gBook gBook 0.0.0
• gBook gBook 1.4.0

References:

• PHPNuke INP: PHPNuke INP Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.