1732 matches found
PHP-Nuke < 8.0 - 'sid' SQL Injection
version Tested on 7.9 & 6.0 '; if $argc table prefix\n"; print "ex.: " . $argv0 . " phpnuke.org 7\n"; credits; exit; / few definitions / if empty$argv3 $prefix = 'nuke'; define tables prefix else $prefix = $argv3; switch $argv2 case "6": $query...
PHP-Nuke 8.0 - sid SQL Injection
PHP-Nuke 8.0 - sid SQL Injection version Tested on 7.9 & 6.0 '; if $argc table prefix\n"; print "ex.: " . $argv0 . " phpnuke.org 7\n"; credits; exit; / few definitions / if empty$argv3 $prefix = 'nuke'; define tables prefix else $prefix = $argv3; switch $argv2 case "6": $query...
PHP-Nuke 8.0 Final - 'sid' SQL Injection
?php UNPUBLISHED RST/GHC EXPLOIT PHP Nuke sid sql injection exploit for Search module POST method - the best for version 8.0 FINAL coded by Foster & 1dt.w0lf tested on 6.0 , 6.6 , 7.9 , 8.0 FINAL versions if isset$POST'Submit' $result=sendit'CONCAT"::",aid,"::",pwd,"::"'; if...
PHP-Nuke <= 8.0 Final (sid) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================================== PHP-Nuke = 8.0 Final sid Remote SQL Injection Exploit ======================================================== ?php UNPUBLISHED RST/GHC EXPLOIT PHP Nuke sid sql injection exploit for...
PHP-Nuke < 8.0 (sid) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================= PHP-Nuke version Tested on 7.9 & 6.0 '; if $argc table prefix\n"; print "ex.: " . $argv0 . " phpnuke.org 7\n"; credits; exit; / few definitions / if empty$argv3 $prefix = 'nuke'; define...
Directory traversal
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the detail...
CVE-2007-6376
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the detail...
CVE-2007-6376
CVE-2007-6376 describes a directory traversal vulnerability in the PHP-Nuke 8.0 AutoHTML module (autohtml.php). The root cause is that the filename parameter can be manipulated with a …/ path, enabling local file inclusion and arbitrary code execution on the server. The vulnerability affects PHP-...
CVE-2007-6376
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the detail...
PHP-Nuke autohtml.php本地文件包含漏洞
PHP-Nuke是一款流行的内容管理程序。 PHP-Nuke包含的autohtml.php脚本不正确处理用户输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是'autohtml.php'脚本对用户提交的'filename'参数缺少过滤,提交包含多个"../"字符的数据作为参数,可绕过WEB ROOT限制,以WEB权限查看系统文件内容。 PHP-Nuke 8.0 目前没有详细解决方案提供: http://www.phpnuke.org/...
autohtml-lfi.txt
-------------------------------------------------------------------------------------------------------------------------------------- Another Bug on PHP-Nuke autohtml.php AutoHTML Module Local File Inclusion Dork: inurl:autohtml.php?filename=LFI Example:...
PHP-Nuke NSN Script Depository源代码信息泄露漏洞
PHP-Nuke NSN Script Depository是一款基于PHP的WEB应用程序。 PHP-Nuke NSN Script Depository不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞获得源代码信息。 问题是由于脚本对用户提交的'file'参数缺少过滤,提交脚本文件作为参数数据,可导致获得目标脚本的源代码信息。 NukeScripts NSN Script Depository 1.0 目前没有解决方案提供:...
PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln
No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...
PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure
PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
sorry, i've made a mistake! only the versions = 1.0.0 are veulnerable!...
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln
Exploit for unknown platform in category web applications ================================================================== PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln ==================================================================...
PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure
--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- PHP-Nuke...
phpnukensn-disclose.txt
--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- PHP-Nuke...
Exploits PHP-Nuke Module Advertising Blind SQL Injection
No description provided by source. !/usr/bin/perl Product: PHP-Nuke Module Advertising BugFounder: 0x90 HomePage: WwW.0x90.COM.Ar Problem: Blind SQL Injection use strict; use warnings; use LWP; use Time::HiRes; use IO::Socket; my $host = "http://url/modules.php?name=Advertising"; my $useragent =...