[Full-Disclosure] unreleased php-nuke sql injections

From: Tibor Pittich (Tibor.Pittich@phuture.sk)
Date: 03/25/03

  • Next message: Daniel Ahlberg: "[Full-Disclosure] GLSA: stunnel (200303-24)"
    From: Tibor Pittich <Tibor.Pittich@phuture.sk>
    To: full-disclosure@lists.netsys.com
    Date: Tue, 25 Mar 2003 17:47:28 +0100
    

    hello

    there is three new php-nuke 6.0 sql injection vulnerabilities.
    unfortunatelly, these still isn't publically announced (thanks
    bugtraq..), but patches and description exists at this site:
    http://www.phpsecure.info/

    at least one of this vulnerability is used for example by brazilian
    h4x0r called himself as 'freeck', which used it to propagate image
    with antiwar and '0wn3d' message.

    i believe, that this message will be useful for phpnuke admins.

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



  • Next message: Daniel Ahlberg: "[Full-Disclosure] GLSA: stunnel (200303-24)"