5 matches found
PHP-Nuke 7.4 - Remote Privilege Escalation
No description provided by source. A demonstration exploit HTTP form is provided: form name=mantra method=POST action=http://www.sitewithphpnuke.com/admin.php pUSERNAME: input type=text name=addaid br NOME: input type=text name=addname br PASSWORD: input type=text name=addpwd br E-MAIL: input...
PHP-Nuke 7.4 WebLinks SQL-Injection
Version: 7.4 Module: WebLinks function: TopRated //...... function TopRated$ratenum, $ratetype //........ if $ratenum != "" && $ratetype != "" $toplinks = $ratenum; //........... $result = $db-sqlquery"SELECT lid, cid, sid, title, description, date, hits, linkratingsummary, totalvotes,...
PHP-Nuke 7.4 Multiple XSS Vulnerabilities Patch
CODEBUG LABS PATCH 1 to XSS Vulnerabilities in Admin Panel of PHP-NUKE 7.4 To Patch your admin panel from this vulnerabilities hurricane you have to apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; if !empty$HTTPPOSTVARS'admin' die"Shit! Mantra wins =...
[XSS] PHP-Nuke 7.4 AddMsg Bug
CODEBUG Labs Advisory 4 Title: Addmsg Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Add Message Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to post gloabal home-page messages...
[XSS] PHP-Nuke 7.4 DelAdmin Bug
CODEBUG Labs Advisory 2 Title: DelAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Delete Admin Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to delete any Admin account...