Nuked-Klan Remote Information Disclosure Vulnerability

Vulnerability ID: 1107217
Vulnerability type: Cross-site scripting
Published: 2003-02-23
Updated: 2003-12-31
CVE ID: CVE-2003-1371
CNNVD-ID: CNNVD-200312-416
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/22277
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-416
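|Vulnerability details
Nuked-klan is a script written in PHP. Nuked-klan does not properly filter user-supplied URI parameters, so a remote attacker can exploit this vulnerability to execute certain PHP functions and obtain a large amount of sensitive system information. Because requests to the 'Team', 'News' and 'Lien' modules are not properly filtered, a request that names certain PHP functions, such as phpinfo, causes the server to return a large amount of system configuration information.
|Exploit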
source: http://www.securityfocus.com/bid/6917/info

A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied URI parameters.

This issue may be exploited by a remote attacker to obtain sensitive server information, which could aid in launching further attacks against a target system.

The vulnerability was reported for Nuked-Klan beta 1.3; earlier versions may also be affected. 

http://www.example.org/index.php?file=Team&op=phpinfo
http://www.example.org/index.php?file=News&op=phpinfo
http://www.example.org/index.php?file=Liens&op=phpinfo
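
The advisory attributes the issue to unsanitized URI parameters that let a request name a PHP function. The following is an added example, not Nuked-Klan source and not code from the original advisory: it assumes the module invokes the `op` value as a function name, and shows an allowlist dispatcher that removes that behaviour. The handler functions and the op names `index` and `detail` are hypothetical.

```php
<?php
// Added illustration; not Nuked-Klan source code.
// ASSUMED vulnerable pattern: the module calls whatever name arrives in ?op=
//     $op = $_GET['op'];
//     $op();            // ?op=phpinfo would run phpinfo()

// Hypothetical handlers that a module such as 'News' might expose.
function news_index(): string  { return 'news list'; }
function news_detail(): string { return 'news item'; }

/**
 * Resolve the request's op value through a fixed allowlist.
 * The request value is only used as an array key, never as a callable.
 * Returns [HTTP status, body] so the caller decides how to respond.
 */
function dispatch_op(array $query, array $handlers, string $default): array
{
    $op = $query['op'] ?? $default;

    // ?op[]=x arrives as an array; accept only a short lowercase token.
    // PHP function names are case-insensitive, so case variants are rejected too.
    if (!is_string($op) || !preg_match('/\A[a-z_]{1,32}\z/', $op)) {
        return [400, 'bad request'];
    }
    if (!array_key_exists($op, $handlers)) {
        return [404, 'unknown op'];
    }
    return [200, $handlers[$op]()];
}

$handlers = [
    'index'  => 'news_index',
    'detail' => 'news_detail',
];

// Constructed sample requests. 'phpinfo' is the value from the advisory's URLs;
// the case and array variants are constructed edge cases for the validator.
$samples = [[], ['op' => 'detail'], ['op' => 'phpinfo'],
            ['op' => 'PHPINFO'], ['op' => ['phpinfo']]];

foreach ($samples as $q) {
    [$status, $body] = dispatch_op($q, $handlers, 'index');
    echo json_encode($q), " => $status $body\n";
}
```

Logging the 400 and 404 results together with the requested `file` and `op` values gives a record of requests that name functions outside the allowlist.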
|References

Source: XF
Name: nukedklan-information-disclosure(11424)
Link: http://xforce.iss.net/xforce/xfdb/11424
Source: BID
Name: 6917
Link: http://www.securityfocus.com/bid/6917
Source: BUGTRAQ
Name: 20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
Link: http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html
Source: NSFOCUS
Name: 4447
Link: http://www.nsfocus.net/vulndb/4447
