1732 matches found
PHP-Nuke - SQL Injection Edit/Save Messages
!/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php'; $browser-proxyhttp = $proxy if defined$proxy; printl...
PHP-Nuke SQL Injection Edit/Save Message(s) Bug
No description provided by source. !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php'; $browser-proxyhtt...
PHP-Nuke - SQL Injection EditSave Messages
PHP-Nuke - SQL Injection EditSave Messages !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php';...
[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug
================================================================= XSS/SQL Injection PHP-Nuke Edit/Save Messages Bug by bima ================================================================= Php-Nuke is a popular freeware content management system. Based on information at :...
phpSQLnuke.pl
XSS/SQL Injection PHP-Nuke Delete Messages Bug by bima Php-Nuke is a popular freeware content management system. Based on information at : http://www.mantralab.org/modules.php/modulo/news/lanotizia/%5BXSS%5D+PHP-Nuke+7.4+Add+Message+Bug An attacker permitted to post to global home-page messages. ...
[XSS]/SQL Injection PHP-Nuke Delete Message(s) Bug
XSS/SQL Injection PHP-Nuke Delete Messages Bug by bima Php-Nuke is a popular freeware content management system. Based on information at : http://www.mantralab.org/modules.php/modulo/news/lanotizia/5BXSS5D+PHP-Nuke+7.4+Add+Message+Bug An attacker permitted to post to global home-page messages. I...
PHP-Nuke 7.4 - Privilege Escalation
A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: milw0rm.com 2004-09-08...
PHP-Nuke 7.4 Remote Privilege Escalation
Exploit for unknown platform in category web applications ======================================== PHP-Nuke 7.4 Remote Privilege Escalation ======================================== A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: 0day.today 2018-01-05...
PHP-Nuke 7.4 - Privilege Escalation
PHP-Nuke 7.4 - Privilege Escalation A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: milw0rm.com 2004-09-08...
[XSS] PHP-Nuke 7.4 AddMsg Bug
CODEBUG Labs Advisory 4 Title: Addmsg Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Add Message Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to post gloabal home-page messages...
[XSS] PHP-Nuke 7.4 Newsletter Injection Bug
CODEBUG Labs Advisory 5 Title: Newsletter Injection Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Newsletter Injection Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to post...
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
CODEBUG Labs Patch 1 Title: Multiple XSS Bug in admin.php Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Web: http://www.mantralab.org Register to our site and receive our newsletter! - Patch Apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; i...
PHP-Nuke 7.4 Multiple XSS Vulnerabilities Patch
CODEBUG LABS PATCH 1 to XSS Vulnerabilities in Admin Panel of PHP-NUKE 7.4 To Patch your admin panel from this vulnerabilities hurricane you have to apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; if !empty$HTTPPOSTVARS'admin' die"Shit! Mantra wins =...
PHP-Nuke 7.4 Remote Privilege Escalation
No description provided by source. A demonstration exploit HTTP form is provided: form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php" pUSERNAME: input type="text" name="addaid" br NOME: input type="text" name="addname" br PASSWORD: input type="text" name="addpwd" br...
[XSS] PHP-Nuke 7.4 ViewAdmin Bug
CODEBUG Labs Advisory 3 Title: ViewAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org View Admin Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to view Admin account aid and to...
[XSS] PHP-Nuke 7.4 DelAdmin Bug
CODEBUG Labs Advisory 2 Title: DelAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Delete Admin Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to delete any Admin account...
[XSS] PHP-Nuke 7.4 Remote Privilege Escalation
CODEBUG Labs Advisory 1 Title: AddAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org ITALIAN SITE Remote Privilege Escalation - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to gain...
CVE-2002-1242
CVE-2002-1242 describes an SQL injection vulnerability in PHP-Nuke prior to 6.0 that allows remote authenticated users to modify the database and gain privileges via the bio parameter in modules.php. Root cause: unvalidated input in the bio field enables injection into SQL statements. Affected so...
CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php...
PHP-Nuke PhotoADay Module pad_selected Parameter XSS
The remote host is running PhotoADay, a web-based photo album management software. The installed version fails to sanitize input passed to the 'padselected' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject...