CVE-2004-1937
Nuked-KlaN 1.4b and 1.5b - Directory Traversal and Arbitrary File Read via User Langue Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-1937. PoCs published by frog.
AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in Nuked-Klan b1.5, allowing an attacker to create an admin account by overwriting the GLOBALS configuration file. It uses ASCII character conversion to bypass input restrictions and injects SQL payloads via the 'user_langue' parameter.
Description
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in Nuked-Klan b1.5, allowing an attacker to create an admin account by overwriting the GLOBALS configuration file. It uses ASCII character conversion to bypass input restrictions and injects SQL payloads via the 'user_langue' parameter.