O'Reilly logo

Security Warrior by Anton Chuvakin, Cyrus Peikari

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

PHP-Nuke Examples

This section covers some of the example attacks against PHP-Nuke, a free, open source web site framework written in PHP. The application runs on many platforms (Windows, Linux, Unix) and can interface with multiple databases (MySQL, MS SQL, Oracle, etc). It can be downloaded from http://www.phpnuke.org.

In order to follow along, please install the application on your system; Linux installation directions are provided for convenience. Keep in mind that it should not be used for any production purposes.

Installing PHP-Nuke

We assume that you have a modern Linux system. PHP-Nuke requires that MySQL, PHP, and Apache are installed. You might also need to install the following RPM packages, if you are using Red Hat Linux (all of these are included in the distribution; some other prerequisites might need to be satisfied):

  • mysql

  • httpd

  • php

  • php-mysql

The application is surprisingly easy to install and configure and will produce a flexible database-driven web site, complete with all the latest SQL injection vulnerabilities, in minutes.

Follow these steps to get the application up and running:

  1. Download the application:

    $ wget http://umn.dl.sourceforge.net/sourceforge/phpnuke/PHP-Nuke-6.5.tar.gz
  2. Unpack the resulting archive:

    $ tar zxf PHP-Nuke-6.5.tar.gz
  3. Start the database server:

    # /etc/init.d/mysql start
  4. Create the database using the MySQL administrator tool:

    # mysqladmin create nuke
  5. Create all the required database structures using the included "nuke.sql" tool:

    # cd sql ; mysql nuke < nuke.sql ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required