>>  Site Map >>  Forums >>  PHP-Nuke Security

Forum module - topics in forum:


PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.

Nuke Sentinel Php-Nuke Security Script Bypass
http://www.zone-h.org Wrote: :

NukeSentinel is a security script for Php-Nuke sites for blocking hacking attempts. The creator is Bob Marion from www.nukescripts.net. It is supposed to block all strings used in sql injection and scripting attacks.
It has been discovered an attacker can bypass nukesentinel for any kind of attack by using %2a%2a in a query instead of the ** or ( ) that Nuke Sentinel alerts on. Example:
www.target.com/modules.php?name=[module name]&file=search&bywhat=aid&exact=1&forwhat=kala%27/%2a%2a/[Script]
Other scripts such as protector and admin secure will stop this.


anybody heard of a fix for this or know how to stop it?



Might be worth posting on the Sentinel Support site also..... if not already done



http://ravenphpscripts.com/postt7683.html



Attention! You are currently viewing sitemap page!
We strongly suggest to look at original content

Search from web

Valid HTML 4.01 Valid CSS