[21954] in bugtraq


Another bug in phpNuke

daemon@ATHENA.MIT.EDU (David Page)
Fri Jul 27 23:14:11 2001

Message-ID: <008401c116fe$0f6a3f10$0100a8c0@davids>
From: "David Page" <david@melaniepage.worldonline.co.uk>
To: <bugtraq@securityfocus.com>
Date: Sat, 28 Jul 2001 01:41:31 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Yes, I have found some bugs also...

You can execute arbitrary mysql statements in many of its different
scripts...

reviews.php for example..

The parameter with the id (reviews.php?id=blah), I *think*, isn't checked... so
you can simply do reviews.php?id=12345 or ........ blah blah blah

I don't think it's possible to execute multiple sql statements in
mysql_query(.....)

php4 will also apply (addslashes) automatically to ' and ". I don't think php3
does...

I contacted phpNuke 8 days ago.
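
An added example, not part of the original post and not phpNuke's code: a Python model of the situation the message describes, showing why addslashes-style escaping does not protect an id that is concatenated into an unquoted numeric slot, and how integer validation plus a bound parameter does. Assumptions: SQLite stands in for MySQL, the `reviews` table layout and function names are hypothetical, and the input strings are constructed samples.

```python
import re
import sqlite3

def addslashes(s):
    """Model of PHP addslashes(): backslash-escape ', " and backslash."""
    return re.sub(r"""(['"\\])""", r"\\\1", s)

def make_db():
    """Constructed sample data; the schema is an assumption, not phpNuke's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO reviews VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (12345, "target")])
    return db

def lookup_concat(db, raw_id):
    """Vulnerable pattern: escaped input concatenated into a numeric slot.
    No quote is needed to change the WHERE clause, so escaping is a no-op."""
    sql = "SELECT title FROM reviews WHERE id = " + addslashes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    """Hardened: accept only a decimal integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal integer")
    cur = db.execute("SELECT title FROM reviews WHERE id = ?", (int(raw_id),))
    return [row[0] for row in cur]

def stacked_rejected(db):
    """The driver refuses a second statement in one call, but that does not
    stop the single-statement case handled by lookup_concat above."""
    try:
        lookup_concat(db, "1; SELECT 2")
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "12345"))          # one row
    print(lookup_concat(db, "12345 or 1=1"))   # every row: escaping did nothing
    print(lookup_bound(db, "12345"))           # one row
    print(stacked_rejected(db))
```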

