Lucene search
1732 matches found

securityvulns
added 2007/11/14 12:0 a.m., 34 views

Another vulnerability in PHP-Nuke captcha

Hello 3APA3A! I am reporting another Insufficient Anti-automation vulnerability that I found in the PHP-Nuke captcha. This captcha is vulnerable to the Null string bypass method. Insufficient Anti-automation: Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke20CAPTCHA20bypass3.html Vulnerable versi...

0.4 AI score
Exploits: 0

securityvulns
added 2007/11/14 12:0 a.m., 21 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass. Peter’s Random Anti-Spam Image: CAPTCHA protection bypass and cross-site scripting...

1.9 AI score
Exploits: 0, References: 10, Affected Software: 3

seebug.org
added 2007/11/14 12:0 a.m., 187 views

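PHP-Nuke Advertising Module Modules.PHP SQL Injection Vulnerability

PHP-Nuke Advertising Module is a PHP-based web application. PHP-Nuke Advertising Module does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Modules.PHP' script lacks filtering of user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic, obtaining sensitive information or possibly manipulating the database. PHP-Nuke Advertising Module 0.9 Upgrade to the latest PHP-Nuke Advertising Module 0.9...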

7.1 AI score
Exploits: 0

Packet Storm
added 2007/11/13 12:0 a.m., 40 views

phpnukema-sql.txt

!/usr/bin/perl Product: PHP-Nuke Module Advertising BugFounder: 0x90 HomePage: WwW.0x90.COM.Ar Problem: Blind SQL Injection use strict; use warnings; use LWP; use Time::HiRes; use IO::Socket; my $host = "http://url/modules.php?name=Advertising"; my $useragent = LWP::UserAgent-new; my $metodo =...

7.4 AI score
Exploits: 0

exploitpack
added 2007/11/12 12:0 a.m., 9 views

PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection

PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection source: https://www.securityfocus.com/bid/26406/info The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A...

8.6 AI score
Exploits: 0

securityvulns
added 2007/11/12 12:0 a.m., 54 views

PHP-Nuke Module Advertising Blind SQL Injection

!/usr/bin/perl Product: PHP-Nuke Module Advertising BugFounder: 0x90 HomePage: WwW.0x90.COM.Ar Problem: Blind SQL Injection use strict; use warnings; use LWP; use Time::HiRes; use IO::Socket; my $host = "http://url/modules.php?name=Advertising"; my $useragent = LWP::UserAgent-new; my $metodo =...

7.9 AI score
Exploits: 0

securityvulns
added 2007/11/12 12:0 a.m., 41 views

Vulnerability in PHP-Nuke captcha

Hello 3APA3A! I am reporting an Insufficient Anti-automation vulnerability that I found in the PHP-Nuke captcha. This captcha is vulnerable to the MustLive CAPTCHA bypass method. Insufficient Anti-automation: Exploits: http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke20CAPTCHA20bypass.html...

0.3 AI score
Exploits: 0

securityvulns
added 2007/11/12 12:0 a.m., 37 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass...

6.8 CVSS, 2 AI score, 0.29722 EPSS
Exploits: 3, References: 11, Affected Software: 5

Exploit DB
added 2007/11/12 12:0 a.m., 213 views

PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection

source: https://www.securityfocus.com/bid/26406/info The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7.4 AI score
Exploits: 0

NVD
added 2007/11/10 2:46 a.m., 15 views

CVE-2007-5918

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a...

6 CVSS, 6.5 AI score, 0.00195 EPSS
Exploits: 0, References: 3

Prion
added 2007/11/10 2:46 a.m., 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a...

6 CVSS, 7.1 AI score, 0.00195 EPSS
Exploits: 0, References: 3

CVE
added 2007/11/10 2:0 a.m., 37 views

CVE-2007-5918

CVE-2007-5918 is a CSRF vulnerability in the MS TopSites add-on for PHP-Nuke. The flaw occurs in edit.php where the uname parameter is not verified against the current account, allowing a remote authenticated user to change arbitrary accounts or modify the SiteTitleName by supplying a modified un...

6 CVSS, 6.6 AI score, 0.00195 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2007/11/10 2:0 a.m., 17 views

CVE-2007-5918

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a...

6.5 AI score, 0.00195 EPSS
Exploits: 0, References: 3

Exploit DB
added 2007/11/10 12:0 a.m., 27 views

PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion

source: https://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the...

7.4 AI score
Exploits: 0

exploitpack
added 2007/11/10 12:0 a.m., 14 views

PHP-Nuke 8.0 - autohtml.php Local File Inclusion

PHP-Nuke 8.0 - autohtml.php Local File Inclusion source: https://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and...

7.4 AI score
Exploits: 0

Packet Storm
added 2007/11/07 12:0 a.m., 22 views

phpnuketopsites-inject.txt

Html Exploit: PhpNuke add-on MS TopSites Edit Exploit And Html Injection SiteNameTitle sname not Target it must be changed in the source Username uname Url Email i...

7.4 AI score
Exploits: 0

securityvulns
added 2007/10/28 12:0 a.m., 31 views

Local File Inclusion and Information Leakage vulnerabilities in PHP-Nuke

Hello 3APA3A! I am reporting Local File Inclusion and Information Leakage vulnerabilities that I found in PHP-Nuke. The vulnerabilities are in the autohtml.php and autohtml0.php scripts, in the filename parameter. Local File Inclusion: http://site/autohtml.php?filename=../file.php...

7.1 AI score
Exploits: 0

securityvulns
added 2007/10/28 12:0 a.m., 20 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: directory traversal in autohtml.php and autohtml0.php allows obtaining password hashes. By requesting a non-existent file it's possible to disclose the installation directory...

1.4 AI score
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2007/10/25 7:0 p.m., 20 views

CVE-2003-1526

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message...

6.6 AI score, 0.00013 EPSS
Exploits: 1, References: 2

CVE
added 2007/10/25 7:0 p.m., 41 views

CVE-2003-1526

PHP-Nuke 7.0 is affected by CVE-2003-1526. The vulnerability allows remote attackers to reveal the installation path via crafted input (characters like ", ', or >) in the search field, causing an error message that discloses the path. Affected product/component: PHP-Nuke 7.0 (search functional...

5 CVSS, 7 AI score, 0.00013 EPSS
Exploits: 1, References: 2, Affected Software: 1