Nuked-Klan X-Forwarded-For SQL Injection Vulnerability

Bugtraq ID:	23835
Class:	Input Validation Error
CVE:	CVE-2007-2556
Remote:	Yes
Local:	No
Published:	May 05 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Darkfig is credited with the discovery of this vulnerability.
Vulnerable:	Nuked-Klan Nuked-Klan 1.7.6
Not Vulnerable:

Nuked-Klan X-Forwarded-For SQL Injection Vulnerability

Nuked-Klan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Nuked-Klan X-Forwarded-For SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

Darkfig released an exploit that executes code by exploiting this issue and then using administrative access to upload and execute PHP code.

• /data/vulnerabilities/exploits/nuked-klan-xforwardedfor.txt

Nuked-Klan X-Forwarded-For SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Nuked-Klan X-Forwarded-For SQL Injection Vulnerability

References:

• Nuked-Klan Home Page (Nuked-Klan)
  
• Nuked-klaN 1.7.6 Remote Code Execution Exploit ([email protected])