Vendor: PHP Nuke
By: SecurityFocus
CVSS: 7.5 HIGH
Input Validation Vulnerability
CWE: 20
Product Name: PHP Nuke
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHP Nuke Input Validation Vulnerability

PHP Nuke is prone to an input validation vulnerability. Reports indicate the script fails to correctly identify potentially dangerous characters when the characters are double hex-encoded (i.e. %25%41 == %41 == A). A remote attacker may exploit this issue to bypass PHP Nuke protections and exploit issues that exist in the underlying PHP Nuke installation.

Mitigation:

Ensure that input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13557/info

Will be filtered:
'modules.php?FistFucker=()'

Will be bypassed:
'modules.php?FistFucker=%2528%2529'


Will be filtered:
'/**/UNION/**/SELECT/**/'

Will be bypassed:
'/%2A%2A/UNION/%2A%2A/SELECT/%2A%2A/'
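
The filtered and bypassed strings above show a filter inspecting a value before every encoding layer has been removed. The PHP code below is an added example, not PHP Nuke code and not part of the original advisory: it decodes a value to a fixed point and filters the result. The function names, the decode limit and the blocklist are hypothetical.

```php
<?php
// Added example: canonicalize a request value before filtering it.

const MAX_DECODE_ROUNDS = 5; // assumption: deeper nesting is treated as hostile

// Percent-decode until the value stops changing; null if it never settles.
function canonicalize(string $raw): ?string
{
    $current = $raw;
    for ($i = 0; $i < MAX_DECODE_ROUNDS; $i++) {
        $decoded = rawurldecode($current);
        if ($decoded === $current) {
            return $current; // fixed point: no encoded layer is left
        }
        $current = $decoded;
    }
    return null;
}

// Hypothetical blocklist (parentheses, SQL comment markers) standing in
// for a real filter; it is not PHP Nuke's rule set.
function is_blocked(string $value): bool
{
    return preg_match('~[()]|/\*|\*/~', $value) === 1;
}

// Weak pattern: inspect the value exactly as it arrived.
function raw_check(string $raw): bool
{
    return is_blocked($raw);
}

// Hardened pattern: inspect the canonical form, reject what never settles.
function canonical_check(string $raw): bool
{
    $canonical = canonicalize($raw);
    return $canonical === null || is_blocked($canonical);
}

// The four strings from this page plus one benign value (constructed).
$samples = ['()', '%2528%2529', '/**/UNION/**/SELECT/**/',
            '/%2A%2A/UNION/%2A%2A/SELECT/%2A%2A/', 'News'];
foreach ($samples as $s) {
    printf("%-38s raw=%-5s canonical=%s\n", $s,
        raw_check($s) ? 'block' : 'pass',
        canonical_check($s) ? 'block' : 'pass');
}
```

The check only holds if the application goes on to use the canonical value it inspected; a value that is decoded again after filtering reopens the gap.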