Yes, i have found some bugs also... You can execute artibility mysql statments in many of its different scripts... reviews.php for example.. The parmenter with the id (reviews.php?id=blah) *think* doesn't check... so you can simply do reviews.php?id=12345 or ........ blah blah blah I don't think its possible to execute multiple sql statments in mysql_query(.....) php4 will also (addslashes) automatically to ' and ". I don't think php3 does... I contacted phpNuke 8 days ago.
This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 19:55:18 PDT