[VIM] SQL injection (x2) in NukeSentinel

Heinbockel, Bill heinbockel at mitre.org
Wed Mar 14 13:21:36 UTC 2007

BUGTRAQ:20070310 NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24)

Appears to be similar to CVE-2007-1172:
BUGTRAQ:20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure

Both exploits are SQL injections and the code looks remarkably similar.
However, with the release of NukeSentinel 2.5.06, the vendor attempted
to thwart CVE-2007-1172 with a weak regex --

In nukesentinel.php (line 61):
$nsnst_const['remote_ip'])) {$nsnst_const['remote_ip'] = "none"; }

So, they are checking to ensure the Client-IP HTTP Header contains a
valid IP. Hence, the newer exploit code prepends a random dotted-quad IP
address to the start of the SQL injection. Therefore, this is viewed by
CVE as a new vulnerability and will be assigned a new CVE.

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
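
Added example, not part of the original post and not NukeSentinel's code: it shows why a check that only asks whether a header value starts with a dotted quad still lets extra characters through, next to whole-value validation and a bound query parameter. The regex is a constructed stand-in (the quoted line 61 is truncated above), and the table name and header values are hypothetical.

```php
<?php
// Added example. Pattern, table and header values are constructed, not NukeSentinel's.

// Weak check: only asks whether the value *starts with* a dotted quad.
function weak_check(string $header): string
{
    $pattern = '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/';   // no end anchor
    return preg_match($pattern, $header) === 1 ? $header : 'none';
}

// Strict check: the whole value must parse as an IP address.
function strict_check(string $header): string
{
    return filter_var($header, FILTER_VALIDATE_IP) !== false ? $header : 'none';
}

// Constructed Client-IP header values.
$samples = [
    '203.0.113.7',                 // plain address
    "203.0.113.7' trailing text",  // address followed by extra characters
    '999.1.1.1',                   // dotted quad with an out-of-range octet
    'not-an-ip',
];

foreach ($samples as $value) {
    printf("%-30s weak=%-30s strict=%s\n",
        var_export($value, true), weak_check($value), strict_check($value));
}

// Independent of validation, bind the value instead of concatenating it into SQL.
$db = new PDO('sqlite::memory:');   // hypothetical in-memory table for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blocked_ips (ip_addr TEXT)');
$db->exec("INSERT INTO blocked_ips VALUES ('203.0.113.7')");

$stmt = $db->prepare('SELECT COUNT(*) FROM blocked_ips WHERE ip_addr = ?');
foreach ($samples as $value) {
    $stmt->execute([$value]);
    printf("%-30s rows=%d\n", var_export($value, true), $stmt->fetchColumn());
}
```

The second and third samples pass the weak check unchanged and are rejected by the strict one; with the bound parameter, only the exact stored address matches a row.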
