CVE-2005-3305

Nuked Klan 1.7 - SQL Injection via Forum, Links, Sections, or Download Parameters

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-3305. PoCs published by papipsycho.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in Nuked Klan due to unsanitized user input in SQL queries. It includes a sample exploit URL but lacks executable code.

Description

Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.

Exploits (4)

exploitdb WRITEUP VERIFIED
by papipsycho · text · webapps · php
https://www.exploit-db.com/exploits/26387

The provided text describes SQL injection vulnerabilities in Nuked Klan due to unsanitized user input in SQL queries. It includes a sample exploit URL but lacks executable code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Nuked Klan (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by papipsycho · perl · webapps · php
https://www.exploit-db.com/exploits/26389

This exploit demonstrates SQL injection in Nuked Klan 1.7 by injecting a UNION-based query to extract user credentials (MD5 password hashes and IDs) from the database. It constructs a malicious URL to retrieve data from the `nuked_users` table.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Nuked Klan 1.7
No auth needed
Prerequisites: Target URL with vulnerable Nuked Klan installation · Valid username in the database
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by papipsycho · text · webapps · php
https://www.exploit-db.com/exploits/26386

The exploit demonstrates SQL injection vulnerabilities in Nuked Klan by manipulating the 'forum_id' and 'thread_id' parameters in a URL. The payloads use SQL comments and wildcards to bypass input sanitization, potentially allowing unauthorized data access or manipulation.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Nuked Klan (version not specified)
No auth needed
Prerequisites: Access to the target application URL · Knowledge of vulnerable parameters
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by papipsycho · text · webapps · php
https://www.exploit-db.com/exploits/26388

The provided text describes SQL injection vulnerabilities in Nuked Klan, specifically in the 'dl_id' parameter. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Nuked Klan
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Patch x_refsource_confirm
http://www.nuked-klan.org/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113019342213796&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2189
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113019206306710&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22847
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20339
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17304/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15181
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113017972620427&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20337
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20338
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20340

Scores

EPSS 0.0217
EPSS Percentile 79.9%

Details

Status published
Products (1)
nuked-klan/nuked-klan 1.7
Published Oct 26, 2005
Tracked Since Feb 18, 2026