Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...

CVE-2011-1482

PHP-Nuke 8.0 and earlier are affected by multiple CSRF vulnerabilities in mainfile.php that allow remote attackers to hijack administrator sessions by issuing requests to add user accounts or grant admin privileges. The root cause is a Referer check implemented as a substring comparison, enabling...

CVE-2011-1480

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chnguid parameter...

CVE-2011-1481

Multiple cross-site scripting XSS vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sendername or 2 senderemail parameter in a Feedback action to modules.php...

CVE-2011-1482

Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...

CVE-2011-1481

CVE-2011-1481 affects PHP-Nuke 8.0 and earlier. The vulnerability is multiple cross-site scripting (XSS) in the Feedback action of modules.php, exploitable via the sender_name or sender_email parameters. Impact described as allowing remote attackers to inject arbitrary web script or HTML. NVD met...

CVE-2011-1480

CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...

PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Iranian Pentesters Home Title : PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability Author : Pentesters.ir Exploits Coded by : b3hz4d & 4n0nym0us Tested on: PHP Nuke 8.3 Vendor : http://phpnuke.ir Specially Thanks To: Navid, Hossein, Ahmad,...

PHP Nuke 8.3 MT Shell Upload

Iranian Pentesters Home Title : PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability Author : Pentesters.ir Exploits Coded by : b3hz4d & 4n0nym0us Tested on: PHP Nuke 8.3 Vendor : http://phpnuke.ir Specially Thanks To: Navid, Hossein, Ahmad, vahid, daryoush and all of the pentesters.ir members...

PHP-Nuke 8.3 - upload.php Arbitrary File Upload (1)

PHP-Nuke 8.3 - upload.php Arbitrary File Upload 1 source: https://www.securityfocus.com/bid/48257/info Phpnuke is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code a...

PHP-NUKE - 'Pirtuk' Module SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-NUKE - 'Pirtuk' Module SQL injection Vulnerability Date: 06.0.2011 Author: Scientist Category: webapps Google dork: inurl:name=Pirtuk Tested on: linux Demo site:...

Php-Nuke Module 'Recipes' SQL Injection Vulnerability

Exploit for php platform in category web applications Title : Php-Nuke Module 'Recipes' SQL Injection Vulnerability BigBUG Author: Scientist Vendor: http://phpnuke.org/ Email : email protected date : 06.06.2011 Google Dork : inurl:name=Recipes+recipeid category : Web Apps SQli Dipnot: Amen aga...

XSS, AoF и IAA уязвимости в PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Abuse of Functionality и Insufficient Anti-automation уязвимостях в PHP-Nuke. XSS WASC-08: POST запрос на странице http://site/modules.php?name=Downloads " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss...

PHP-Nuke 8.0 (mod Surveys) SQL Injection Vulnerability

Exploit for php platform in category web applications Title : PHP-Nuke 8.0 mod Surveys SQL Injection Vulnerability Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Remote SQL Injection Tested ...

PHP-Nuke 8.0 Surveys Module SQL Injection

Title : PHP-Nuke 8.0 mod Surveys SQL Injection Vulnerability Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Remote SQL Injection Tested on : Windows XP sp3 FR Note : BAC 2011 Enchallah Me ...

PHP-Nuke 8. x <= "chng_uid" blind defect and repair-vulnerability warning-the black bar safety net

Affected version: PHP-Nuke 8. x = Vulnerability description: PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles. Main features...

PHP-Nuke 8.x &lt;= &quot;chng_uid&quot; Blind SQL Injection Vulnerability

PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles. Main features include: web based admin, surveys, top page, access stats pag...

PHP-Nuke 8.x Cross Site Request Forgery

PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

PHP-Nuke 8.x Blind SQL Injection

PHP-Nuke 8.x /admin.php POST...

PHP-Nuke 8.x Cross Site Scripting

PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...