[Full-Disclosure] unreleased php-nuke sql injections
From: Tibor Pittich (Tibor.Pittich@phuture.sk)
Date: 03/25/03
- Previous message: nate: "Re: [Full-Disclosure] [RHSA-2003:088-01] New kernel 2.2 packages fix vulnerabilities"
- Next in thread: yossarian: "Re: [Full-Disclosure] unreleased php-nuke sql injections"
- Reply: yossarian: "Re: [Full-Disclosure] unreleased php-nuke sql injections"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tibor Pittich <Tibor.Pittich@phuture.sk> To: full-disclosure@lists.netsys.com Date: Tue, 25 Mar 2003 17:47:28 +0100
hello
there is three new php-nuke 6.0 sql injection vulnerabilities.
unfortunatelly, these still isn't publically announced (thanks
bugtraq..), but patches and description exists at this site:
http://www.phpsecure.info/
at least one of this vulnerability is used for example by brazilian
h4x0r called himself as 'freeck', which used it to propagate image
with antiwar and '0wn3d' message.
i believe, that this message will be useful for phpnuke admins.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: nate: "Re: [Full-Disclosure] [RHSA-2003:088-01] New kernel 2.2 packages fix vulnerabilities"
- Next in thread: yossarian: "Re: [Full-Disclosure] unreleased php-nuke sql injections"
- Reply: yossarian: "Re: [Full-Disclosure] unreleased php-nuke sql injections"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
