Rule:

--
Sid:
2654

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in the web application PHPNuke.

--
Impact:
SQL Injection is possible leading to a complete compromise of the data
in the application database.

--
Detailed Information:
This event is generated when an attempt is made to exploit a known 
vulnerability in the PHPNuke web application running on a server.

Insufficient checks are made on user input supplied to the script
"viewtopic.php", exploitation of this issue could present an attacker
with the opportunity to inject SQL code of their choosing into a
vulnerable system.

--
Affected Systems:
	PHPNuke 6.0
	PHPNuke 6.5 RC2

--
Attack Scenarios:
An attacker can supply code of their choice by including it in the
URI that calls on viewtopic.php.

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Consider reviewing the database permissions for the application.

--
Contributors:
Sourcefire Research Team
Ricky MacAtee <rmacatee@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--