Bugtraq mailing list archives
Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
From: omega13a () sbcglobal net
Date: 8 Mar 2006 19:08:21 -0000
I forgot to mention but Evaders99 posted a fix for this on nukefixes.com. Just replace if((!is_admin($admin)) AND (isset($_SERVER['QUERY_STRING'])) AND (!stristr($_SERVER['QUERY_STRING'], "ad_click"))) { with if(!isset($admin) OR (isset($admin) AND !is_admin($admin))) { .
Current thread:
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a (Mar 09)
- <Possible follow-ups>
- Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8 omega13a (Mar 09)