|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 54
Members: 0
Total: 54
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
info NukeSentinel 2.5.11 - 2.5.12 exploit |
|
Posted: Wed Apr 23, 2008 11:02 am |
|
|
yamcho |
Regular user |
|
|
Joined: Mar 13, 2006 |
Posts: 6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Apr 23, 2008 11:42 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
These two security holes in Nuke Sentinel are hard-to-exploit. Blind sql injection methods must be used and yes, i wrote some proof-of-concept exploits, but did not publish them.
So - if you are sure, that your target is using old version NukeSentinel (most websites have been upgraded!), then read tutorials about sql injection, set up local test system with apache/mysql/php/phpnuke/nukesentinel and then write working exploit. It's not so hard. If you have questions - let me know, i am able to give out hints, but exploit(s) must be written by yourself. |
|
|
|
|
|
|
|
|
Posted: Wed Apr 23, 2008 12:48 pm |
|
|
yamcho |
Regular user |
|
|
Joined: Mar 13, 2006 |
Posts: 6 |
|
|
|
|
|
|
|
ooo... of course!
i not wont an explit script... i already know the sql injection..
my only question is: when the script report in the advisory is execute?
the thing that i don't know is PhpNuke system.
i know that sentinell is a phpnuke module and that work with any page of that.
thks |
|
|
|
|
Posted: Wed Apr 23, 2008 12:52 pm |
|
|
yamcho |
Regular user |
|
|
Joined: Mar 13, 2006 |
Posts: 6 |
|
|
|
|
|
|
|
sorry 4 my horrible english |
|
|
|
|
Posted: Wed Apr 23, 2008 3:52 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
Posted: Wed Apr 23, 2008 4:25 pm |
|
|
yamcho |
Regular user |
|
|
Joined: Mar 13, 2006 |
Posts: 6 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|