<<< Date Index >>>     <<< Thread Index >>>

Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8



I forgot to mention but Evaders99 posted a fix for this on nukefixes.com.  Just 
replace if((!is_admin($admin)) AND (isset($_SERVER['QUERY_STRING'])) AND 
(!stristr($_SERVER['QUERY_STRING'], "ad_click"))) { with if(!isset($admin) OR 
(isset($admin) AND !is_admin($admin))) { .