CVE-2007-2556 - SQL Injection vulnerability in Nuked-Klan 1.7.6

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, nuked-klan, exploit available

Summary

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.

Vulnerable Configurations

Part | Description | Count
Application | Nuked-Klan | 1

D2sec

name: Nuked-klaN 1.7.7 / SP4.4 SQL injection
url: http://www.d2sec.com/exploits/nuked-klan_1.7.7___sp4.4_sql_injection.html

Exploit-Db

  • description: Nuked-klaN 1.7.6 Remote Code Execution Exploit. CVE-2007-2556. Webapps exploit for php platform
    file: exploits/php/webapps/3858.php
    id: EDB-ID:3858
    last seen: 2016-01-31
    modified: 2007-05-05
    platform: php
    port:
    published: 2007-05-05
    reporter: DarkFig
    source: https://www.exploit-db.com/download/3858/
    title: Nuked-klaN 1.7.6 - Remote Code Execution Exploit
    type: webapps
  • description: Nuked-klaN <= 1.7.7 / <= SP4.4 Multiple Vulnerabilities Exploit. CVE-2007-2556. Webapps exploit for php platform
    id: EDB-ID:6749
    last seen: 2016-02-01
    modified: 2008-10-14
    published: 2008-10-14
    reporter: Charles Fol
    source: https://www.exploit-db.com/download/6749/
    title: Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit