Another bug in phpNuke

From: David Page (davidat_private)
Date: Fri Jul 27 2001 - 17:41:31 PDT

Next message: SIFFREDI DANIEL: "bug w2k"

Previous message: Stephen Cope: "Re: Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS"
Next in thread: Spirit Of 1: "Windows ME file restoration"
Reply: Spirit Of 1: "Windows ME file restoration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, i have found some bugs also...

You can execute artibility mysql statments in many of its different
scripts...

reviews.php for example..

The parmenter with the id (reviews.php?id=blah) *think* doesn't check... so
you can simply do reviews.php?id=12345 or ........ blah blah blah

I don't think its possible to execute multiple sql statments in
mysql_query(.....)

php4 will also (addslashes) automatically to ' and ". I don't think php3
does...

I contacted phpNuke 8 days ago.

Next message: SIFFREDI DANIEL: "bug w2k"
Previous message: Stephen Cope: "Re: Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS"
Next in thread: Spirit Of 1: "Windows ME file restoration"
Reply: Spirit Of 1: "Windows ME file restoration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 19:55:18 PDT