PHP-Nuke x.x AND PostNuke SQL Injection

From: Pedro Inacio (pedro.inacioat_private)
Date: Thu Sep 26 2002 - 11:48:02 PDT

Next message: Mark Grimes: "Postnuke XSS issues [correction]"

Previous message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Hello again, just to say that PostNuke ( fork of PHP-Nuke ) is vulnerable to the same bugs AND it is possible to inject different SQL code in order to do other "funny" but "dangerous" things. Note to the guys of those projects: Filter those URL entries!!! Cheers, Pedro Inacio

Next message: Mark Grimes: "Postnuke XSS issues [correction]"
Previous message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 13:21:31 PDT