It's instructive to take the time and have a look at PHP-Nuke's list of vulnerabilities (see Table 23-1). Even a superficial inspection reveals some common vulnerability patterns:
Cross-site scripting (Section 23.3.1)
SQL injection (Section 23.3.2)
Path disclosure (Section 23.3.3)
Cross-site tracing (Section 23.3.4)
In the following we will examine them in more detail.
Table 23-1. List of PHP-Nuke security vulnerabilities
Description |
Date |
21.10.2003 |
|
19.07.2003 |
|
19.05.2003 |
|
02.05.2003 |
|
25.04.2003 |
|
01.04.2003 |
|
26.03.2003 |
|
19.03.2003 |
|
18.03.2003 |
|
07.03.2003 |
|
25.02.2003 |
|
04.02.2003 |
|
23.12.2002 |
|
17.12.2002 |
|
17.12.2002 |
|
25.11.2002 |
|
01.11.2002 |
|
10.10.2002 |
|
Cross Site Scripting holes in Xoops, PHP-Nuke, NPDS, daCode, Drupal and phpWebSite |
24.09.2002 |
Prev | Home | Next |
The impact of bad security record on software popularity | Up | Cross-site scripting with PHP-Nuke |
Help us make a better PHP-Nuke HOWTO!Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum! Chris Karakas, Maintainer PHP-Nuke HOWTO |