IngegneriConLePalle.com - Il sito degli Studenti della Facoltà di Ingegneria di Forlì

Login o Registrare

Promotions

Online Chat

Vuoi cambiar Nome?!
/n tuonome cambia nick

Scegli la Tua Chat

Mobile	Fissa
Popup	Off

Menu

Utenti

	Il tuo profilo
	Lista Membri
	Blog Utenti
	Firma il Guestbook!
	Contatta Web Master
	Passaparola!!!!

Community

	Galleria Foto
	Salagiochi
	Forums
	Messaggi Privati
	Cruciverba
	Sudoku
	WebChat
	Calendario Eventi
	Torneo Fantacalcio
	Documenti

Risorse

	Downloads
	Loghi x Cellulari
	Web Links
	Barzellette
	Cerca nel Sito

Documenti

	Argomenti
	News
	Aggiungi News
	Digital-Sat News
	AvantGo

Servizi

	Previsioni Meteo
	Elenco Telefonico
	Video Musicali
	Radio Streaming
	Serata in TV
	Stradario d'Italia
	GoogleMaps

Utilità

	Php-Nuke Tools
	GUIstuff+
	Multi Search Engine
	Codice Fiscale
	Underground Search
	Submit Engines
	Open Directory
	PHP-Nuke HOWTO

Statistiche

	Statistiche del Sito
	Analysis
	Top 10

Inverno 2005

	Bollettino Neve
	WebCam Neve

	RSS Articoli 0.91
	RSS Articoli 2.0
	RSS Downloads 0.91
	RSS Downloads 2.0
	RSS Links 0.91
	RSS Links 2.0
	RSS Forums 0.91
	RSS Forums 2.0
	RSS Calendario 0.91
	RSS Calendario 2.0
	ATOM Articoli 0.3

Spambot Killer

Promotions

Security
We have caught 1428 shameful hackers. NukeSentinel™ 2.5.17

Petizione pro aeroporto ridolfi: teniamo il low cost a forlì!

Common PHP-Nuke security vulnerabilities

PHP-Nuke: Management and Programming
Prev	Chapter 23. Security	Next

23.3. Common PHP-Nuke security vulnerabilities

It's instructive to take the time and have a look at PHP-Nuke's list of vulnerabilities (see Table 23-1). Even a superficial inspection reveals some common vulnerability patterns:

Cross-site scripting (Section 23.3.1)
SQL injection (Section 23.3.2)
Path disclosure (Section 23.3.3)
Cross-site tracing (Section 23.3.4)

In the following we will examine them in more detail.

Table 23-1. List of PHP-Nuke security vulnerabilities

Description	Date
PHP-Nuke Path Disclosure Vulnerability	21.10.2003
Splatt Forum Cross-Site Scripting Vulnerability	19.07.2003
PHP-Nuke SQL injection	19.05.2003
Splatt Forum Cross Site Scripting	02.05.2003
PHP-Nuke Cross-Site Scripting	25.04.2003
PHP-Nuke Cross-Site Scripting	01.04.2003
PHP-Nuke SQL Injection	26.03.2003
PHP-Nuke Referer Cross-Site Scripting	19.03.2003
PHP-Nuke Path Disclosure	18.03.2003
PHP-Nuke Multiple SQL Injection Vulnerabilities	07.03.2003
PHP-Nuke Multiple SQL Injection Vulnerabilities	25.02.2003
PHP Nuke Avatar Scriptcode Injection	04.02.2003
PHP-Nuke mail CRLF injection	23.12.2002
PHP-Nuke execution of arbitrary code	17.12.2002
PHP-Nuke Cross Site Scripting	17.12.2002
PHP-Nuke Cross Site Scripting	25.11.2002
PHP-Nuke SQL injection resets passwords	01.11.2002
PHP-Nuke Cross Site Scripting	10.10.2002
Cross Site Scripting holes in Xoops, PHP-Nuke, NPDS, daCode, Drupal and phpWebSite	24.09.2002

Prev	Home	Next
The impact of bad security record on software popularity	Up	Cross-site scripting with PHP-Nuke

Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO

.:: WebMaster Ing. Francesco Feruzzi :: ©2005 IngegneriConLePalle.com :: Regolamento ::.
Generazione pagina: 0.18 Secondi

Creative Commons License

Eccetto dove diversamente specificato, i contenuti di questo sito sono rilasciati sotto Licenza Creative Commons Attribuzione 2.5.

SEO Stats powered by MyPagerank.Net