Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
From: omega13a@xxxxxxxxxxxxx
Date: 8 Mar 2006 19:08:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I forgot to mention but Evaders99 posted a fix for this on nukefixes.com.  Just 
replace if((!is_admin($admin)) AND (isset($_SERVER['QUERY_STRING'])) AND 
(!stristr($_SERVER['QUERY_STRING'], "ad_click"))) { with if(!isset($admin) OR 
(isset($admin) AND !is_admin($admin))) { .

Prev by Date: Aluria/WhenU Troubled Past and Whitewashing History
Next by Date: Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
Previous by thread: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
Next by thread: Re: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
Index(es):
- Date
- Thread