It is instructive to take the time to look through PHP-Nuke's list of vulnerabilities (see Table 23-1). Even a superficial inspection reveals some common vulnerability patterns:
Cross-site scripting (Section 23.3.1)
SQL injection (Section 23.3.2)
Path disclosure (Section 23.3.3)
Cross-site tracing (Section 23.3.4)
The following sections examine each of them in more detail.
Table 23-1. List of PHP-Nuke security vulnerabilities
| Description | Date |
|---|---|
| | 21.10.2003 |
| | 19.07.2003 |
| | 19.05.2003 |
| | 02.05.2003 |
| | 25.04.2003 |
| | 01.04.2003 |
| | 26.03.2003 |
| | 19.03.2003 |
| | 18.03.2003 |
| | 07.03.2003 |
| | 25.02.2003 |
| | 04.02.2003 |
| | 23.12.2002 |
| | 17.12.2002 |
| | 17.12.2002 |
| | 25.11.2002 |
| | 01.11.2002 |
| | 10.10.2002 |
| Cross Site Scripting holes in Xoops, PHP-Nuke, NPDS, daCode, Drupal and phpWebSite | 24.09.2002 |
| Last updated Sun Aug 7 21:14:12 CEST 2005 | Permalink: http://www.karakas-online.de/EN-Book/common-php-nuke-security-vulnerabilities.html | All contents © 2004 Chris Karakas, Claudio Erba |