**************************************************************

* CODEBUG Labs

* Patch #1

* Title: Multiple XSS Bug in admin.php

* Author: Pierquinto 'Mantra' Manco

* Product: PHP-Nuke 7.4

* Web: http://www.mantralab.org

*

* Register to our site and receive our newsletter!

**************************************************************

- ) Patch

Apply this code to your admin.php file:

if ( !empty($HTTP_GET_VARS['admin']) ) {

die("Shit! Mantra wins =)");

}

if ( !empty($HTTP_POST_VARS['admin']) ) {

die("Shit! Mantra wins =)");

}

-) Note

Previous patch isn't enough performant.

Try this one.

There are a lot of this problem in PHP-Nuke 7.4, my patch will check

the content of $_POST[admin] and $_GET[admin].

I'm going to post all this vulnerabilities on my site...

http://www.mantralab.org

**************************************************************

http://www.mantralab.org

**************************************************************

[ reply ]