[Full-Disclosure] unreleased php-nuke sql injections
From: Tibor Pittich (Tibor.Pittich@phuture.sk)
From: Tibor Pittich <Tibor.Pittich@phuture.sk> To: firstname.lastname@example.org Date: Tue, 25 Mar 2003 17:47:28 +0100
there is three new php-nuke 6.0 sql injection vulnerabilities.
unfortunatelly, these still isn't publically announced (thanks
bugtraq..), but patches and description exists at this site:
at least one of this vulnerability is used for example by brazilian
h4x0r called himself as 'freeck', which used it to propagate image
with antiwar and '0wn3d' message.
i believe, that this message will be useful for phpnuke admins.
Full-Disclosure - We believe in it.
- application/pgp-signature attachment: stored