1732 matches found
CVE-2007-2312
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however,...
CVE-2007-2306
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to...
CVE-2007-2306
The CVE-2007-2306 entry describes multiple XSS vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke when register_globals is enabled. The affected components are the extra/login.php (memberlist parameter) and extra/today.php (title parameter). The impact is that rem...
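PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities
PHP-Nuke is a widely used website creation and management tool that can use many database systems as its back end, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. The PHP-Nuke implementation contains multiple SQL injection vulnerabilities that remote attackers may exploit to perform unauthorized database operations. At line 435 of mainfile.php: //Union Tap //Copyright Zhen-Xjell 2004 http://nukecops.com //Beta 3 Code to prevent UNION SQL Injections unset($matches); unset($loc);...
PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities
PHP-Nuke is a PHP-based web application. PHP-Nuke does not properly filter user-submitted input, and remote attackers can exploit this to carry out SQL injection attacks and obtain sensitive information. The problem is insufficient filtering of the "/" character: using "%2f" bypasses the input check and allows SQL injection. PHP-Nuke 8.0 .3.3b No solution is currently available: http://www.phpnuke.org http://www.example.com/nuke/?%2f http://www.example.com/html80/?%2f/UNION%2f/SELECT...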
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections source: https://www.securityfocus.com/bid/23528/info PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A...
phpnuke-bypass-sql.txt
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vulnerabilities AUTHOR: Aleksandar Let's look at source code...
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vulnerabilities AUTHOR: Aleksandar Let's look at source code...
PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections
source: https://www.securityfocus.com/bid/23528/info PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, acce...
CVE-2007-1934
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter...
Directory traversal
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter...
CVE-2007-1934
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter...
CVE-2007-1934
CVE-2007-1934 affects the PHP-Nuke eBoard 1.0.7 module. The vulnerability is a directory traversal in member.php that allows remote attackers to include and execute arbitrary local files by supplying a .. in the GLOBALS[name] parameter. Multiple connected sources corroborate this exact issue and ...
PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit
No description provided by source. !Perl PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit Vendor: http://www.complex-berlin.de/modules.php?name=Downloads&dop=getit&lid=975 Coded by bd0rk || SOH-Crew Greetz: str0ke, TheJT, MereX, mymaster use IO::Socket; use LWP::Simple; rippe...
PHP-Nuke Module eBoard 1.0.7 - GLOBALS[name] Local File Inclusion
PHP-Nuke Module eBoard 1.0.7 - GLOBALS[name] Local File Inclusion !Perl PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit Vendor: http://www.complex-berlin.de/modules.php?name=Downloads&dop=getit&lid=975 Coded by bd0rk || SOH-Crew Greetz: str0ke, TheJT, MereX, mymaster use...
PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit
Exploit for unknown platform in category web applications ====================================================== PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit ====================================================== !Perl PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit...
PHP-Nuke Module eBoard 1.0.7 - GLOBALS[name] Local File Inclusion
!Perl PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit Vendor: http://www.complex-berlin.de/modules.php?name=Downloads&dop=getit&lid=975 Coded by bd0rk || SOH-Crew Greetz: str0ke, TheJT, MereX, mymaster use IO::Socket; use LWP::Simple; ripped @apache=...
CVE-2007-1778
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 EN-Forums module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 EN-Forums module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2007-1778
CVE-2007-1778 is a PHP remote file inclusion vulnerability in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke. The issue allows remote attackers to execute arbitrary PHP code through a URL supplied to the phpbb_root_path parameter, leading to complete compromise of affected systems. The NVD entr...