Bugtraq mailing list archives

Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities

From: Paul Laudanski <paul () castlecops com>
Date: Wed, 18 Apr 2007 16:17:42 -0400



programmer () serbiansite com wrote:

PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities

________________________
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: All version
BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vulnerabilities
AUTHOR: Aleksandar
________________________




Let's look at source code from mainfile.php line 435
__________________________________________

  //Union Tap
  //Copyright Zhen-Xjell 2004 http://nukecops.com
  //Beta 3 Code to prevent UNION SQL Injections

No offense, but newer versions were released.  You're quoting old UT code.

Current thread:

PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities programmer (Apr 17)
- Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities Paul Laudanski (Apr 18)