Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities

To: programmer@xxxxxxxxxxxxxxx
Subject: Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
From: Paul Laudanski <paul@xxxxxxxxxxxxxx>
Date: Wed, 18 Apr 2007 16:17:42 -0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070417124256.4886.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: CastleCops
References: <20070417124256.4886.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)



programmer@xxxxxxxxxxxxxxx wrote:

PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection 
vulnerabilities

________________________
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: All version
BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections 
vulnerabilities
AUTHOR: Aleksandar
________________________




Let's look at source code from mainfile.php line 435
__________________________________________

  //Union Tap
  //Copyright Zhen-Xjell 2004 http://nukecops.com
  //Beta 3 Code to prevent UNION SQL Injections

No offense, but newer versions were released.  You're quoting old UT code.

References:
- PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
  - From: programmer

Prev by Date: ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability
Next by Date: Re: Internet Explorer Crash
Previous by thread: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
Next by thread: Remot File Include In Script phphd_downloads
Index(es):
- Date
- Thread