CVE-2007-2556 - SQL Injection vulnerability in Nuked-Klan 1.7.6
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
D2sec
name | Nuked-klaN 1.7.7 / SP4.4 SQL injection |
url | http://www.d2sec.com/exploits/nuked-klan_1.7.7___sp4.4_sql_injection.html |
Exploit-Db
description | Nuked-klaN 1.7.6 Remote Code Execution Exploit. CVE-2007-2556. Webapps exploit for php platform |
file | exploits/php/webapps/3858.php |
id | EDB-ID:3858 |
last seen | 2016-01-31 |
modified | 2007-05-05 |
platform | php |
port | |
published | 2007-05-05 |
reporter | DarkFig |
source | https://www.exploit-db.com/download/3858/ |
title | Nuked-klaN 1.7.6 - Remote Code Execution Exploit |
type | webapps |

description | Nuked-klaN <= 1.7.7 / <= SP4.4 Multiple Vulnerabilities Exploit. CVE-2007-2556. Webapps exploit for php platform |
id | EDB-ID:6749 |
last seen | 2016-02-01 |
modified | 2008-10-14 |
published | 2008-10-14 |
reporter | Charles Fol |
source | https://www.exploit-db.com/download/6749/ |
title | Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit |
References
- http://osvdb.org/36931
- http://secunia.com/advisories/25165
- http://securityreason.com/securityalert/2665
- http://www.securityfocus.com/archive/1/467750/100/0/threaded
- http://www.securityfocus.com/bid/23835
- http://www.vupen.com/english/advisories/2007/1662
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34116
- https://www.exploit-db.com/exploits/3858