CVE-2005-3304

PHP-Nuke 7.8 - SQL Injection via Username Parameter, Downloads URL Parameter, and Web_Links Description Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3304.

AI-analyzed exploit summary The exploit demonstrates a blind SQL injection vulnerability in the Downloads module for PHP-Nuke. It uses ASCII-based substring extraction to leak admin and user credentials from the database by manipulating the 'url' parameter in the 'Add' operation.

Description

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/32747

View Code ZIP pw:eip

The exploit demonstrates a blind SQL injection vulnerability in the Downloads module for PHP-Nuke. It uses ASCII-based substring extraction to leak admin and user credentials from the database by manipulating the 'url' parameter in the 'Add' operation.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: PHP-Nuke Downloads module

No auth needed

Prerequisites: Access to the vulnerable PHP-Nuke instance · Downloads module enabled

MITRE ATT&CK