Bugtraq mailing list archives
Another bug in phpNuke
From: "David Page" <david () melaniepage worldonline co uk>
Date: Sat, 28 Jul 2001 01:41:31 +0100
Yes, I have found some bugs also... You can execute arbitrary mysql statements in many of its different scripts... reviews.php for example.. The parameter with the id (reviews.php?id=blah) I *think* doesn't check... so you can simply do reviews.php?id=12345 or ........ blah blah blah I don't think it's possible to execute multiple sql statements in mysql_query(.....) php4 will also (addslashes) automatically to ' and ". I don't think php3 does... I contacted phpNuke 8 days ago.
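The message describes an unchecked numeric id parameter and automatic addslashes() escaping; the script below is an added example, not phpNuke code and not from the original post, showing why quote escaping does not cover a value placed in a numeric context, next to a validated and bound form. The table, column and function names are hypothetical, the input is constructed, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example, not phpNuke code. Table, column and function names are hypothetical.
// In-memory SQLite stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO reviews VALUES (1, 'first'), (2, 'second'), (12345, 'third')");

// Weak pattern: escape quotes, then concatenate into an unquoted numeric context.
function build_query_weak(string $id): string {
    // addslashes() only escapes ', ", \ and NUL; a quote-free value passes unchanged.
    return 'SELECT id, title FROM reviews WHERE id = ' . addslashes($id);
}

// Hardened: accept only a short run of decimal digits, then bind it as an integer.
function fetch_review(PDO $db, string $id): array {
    if (!ctype_digit($id) || strlen($id) > 9) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, title FROM reviews WHERE id = :id');
    $stmt->bindValue(':id', (int)$id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$constructed = '12345 or 1=1';   // constructed sample input, contains no quotes

// Escaping leaves the value untouched, so it still alters the WHERE clause.
echo 'unchanged by addslashes: ';
var_dump(addslashes($constructed) === $constructed);
$rows = $db->query(build_query_weak($constructed))->fetchAll(PDO::FETCH_ASSOC);
echo count($rows), " row(s) returned by the weak query\n";

// The hardened path returns the single requested row and rejects the constructed value.
echo count(fetch_review($db, '12345')), " row(s) returned by the hardened query\n";
try {
    fetch_review($db, $constructed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```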