PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

info
discussion
exploit
solution
references

PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI strings demonstrate bypassing the SQL-injection-protection feature:

http://www.example.com/nuke/?%2f*

http://www.example.com/html80/?%2f**/UNION%2f**/SELECT