CVE-2007-3052

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...

CVE-2007-3052

CVE-2007-3052 affects PNphpBB2 (PostNuke) up to version 1.2i and earlier. The vulnerability is an SQL injection in index.php triggered by the c parameter, caused by improper sanitization of user input before using it in a database query in makes_cat_nav_tree() within includes/functions.php. Conse...

pnphpbb2-sql.txt

C:\usr\php\php.exe c:\php.php Content-type: text/html X-Powered-By: PHP/4.3.9 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php c:\php.php host path OPTIONS host: target server ip/hostname path: PNphpBB2 path Options: -pport: specify a port other than 80...

PNphpBB2 index.php c Parameter SQL Injection

The version of PNphpBB2 on the remote host fails to properly sanitize user-supplied input before using it in a database query in the 'makecatnavtree' function in 'includes/functions.php'. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated remote attacker can leverage this issue to...

PNphpBB2 <= 1.2 (index.php c) Remote SQL Injection Exploit

No description provided by source. ?/ Exploit Name: PNphpBB2 = 1.2 Remote SQL Injection Exploit Autor: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Kacper Hacking & Security Blog: http://kacper.bblog.pl/ Irc: irc.milw0rm.com:6667 devilteam Pozdro dla wszystkich z kanalu...

PNphpBB2 <= 1.2 (index.php c) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================== PNphpBB2 C:\usr\php\php.exe c:\php.php Content-type: text/html X-Powered-By: PHP/4.3.9 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php...

PNPHPBB2 1.2 - index.php SQL Injection

PNPHPBB2 1.2 - index.php SQL Injection C:\usr\php\php.exe c:\php.php Content-type: text/html X-Powered-By: PHP/4.3.9 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php c:\php.php host path OPTIONS host: target server ip/hostname path: PNphpBB2 path Options:...

PNphpBB2 &lt;= 1.2g &#40;phpbb_root_path&#41; Remote File Include Vulnerability

Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

PNPHPBB2 1.2g - phpbb_root_path Remote File Inclusion

PNPHPBB2 1.2g - phpbbrootpath Remote File Inclusion Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

PNPHPBB2 &lt; 1.2g - &#039;phpbb_root_path&#039; Remote File Inclusion

Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion

The installation of PostNuke on the remote host includes a version of the PNphpBB2 module that fails to sanitize input to the 'phpbbrootpath' parameter of the 'includes/functionsadmin.php' script before using it in a PHP 'includeonce' function. Provided PHP's 'registerglobals' setting is enabled,...