 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Is there any other SQL injection in phpnuke? |
 |
 Posted: Fri Jul 16, 2004 11:11 pm |
 |
|
| Harry |
| Regular user |
 |
|
| Joined: May 20, 2004 |
| Posts: 14 |
|
|
|
 |
|
 |
|
We have alot of sql injection exploits courtesy "JANEK" but I have seen just 2 scripts till date, the problem with these scripts is :
**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/
WHERE/**/radminsuper=1/**/LIMIT/**/1/* <<<this one takes us back to index.php page.
%20UNION%20SELECT%20null,null,aid,2,null,null,null%20FROM%20nuke_authors/*
bans your ip. Ofcourse the site has nuke protector, but is there any other sql injection apart from the above 2? |
|
|
|
|
|
.. |
|
| Posted: Sat Jul 17, 2004 12:54 am |
|
|
| icenix |
| Advanced user |
|
|
| Joined: May 13, 2004 |
| Posts: 106 |
| Location: Australia |
|
|
|
|
|
|
there is no problem, more than most likley these sites have been patched.
and resistance is futile 
lol dont bother, when we find 'em .. they'll go public |
|
|
|
|
| Posted: Sat Jul 17, 2004 2:28 am |
|
|
| Harry |
| Regular user |
|
|
| Joined: May 20, 2004 |
| Posts: 14 |
|
|
|
|
|
|
|
lol...I know its not a problem, all patched sites will ban ur ip or take u back to index.php... was wondering if I am lacking behind by not using some other sql query  Thanx anyways. |
|
|
|
|
|
.. |
|
| Posted: Sat Jul 17, 2004 6:21 am |
|
|
| icenix |
| Advanced user |
|
|
| Joined: May 13, 2004 |
| Posts: 106 |
| Location: Australia |
|
|
|
|
|
|
your probably doing it perfectly right.
theyre probably just patched. belive it or no even after 30 days+ when the exploits and vulnerabilites start to get old, there is still a more than likley chance that some sites are still vulnerable.
10 days and prior is the peak.
why not you start to get good at finding them?
just look through PHP books and start to learn it, then see where their mistakes are and try and correct..publish..and put them in the picture ?
its easy to get your hands on some PHP Coding code...just have a quick look through it...you'll be surprised at what you find |
|
|
|
|
|
|
|
|
| Posted: Sat Jul 17, 2004 6:27 am |
|
|
| Harry |
| Regular user |
|
|
| Joined: May 20, 2004 |
| Posts: 14 |
|
|
|
|
|
|
|
Would love to do that....you wont be bothered to read a book or info after working for 12-15 hrs a day  I do try alot of things when I have my weekly off .....thanx for the info tho....keep up the good work BTW wheres the "PHPNuke GOD" Janek? |
|
|
|
|
|
lol |
|
| Posted: Sat Jul 17, 2004 6:30 am |
|
|
| icenix |
| Advanced user |
|
|
| Joined: May 13, 2004 |
| Posts: 106 |
| Location: Australia |
|
|
|
|
|
|
wondering where he is myself...
ive emailed and he hasnt come on MSN in a while...
hes probably busy trying to fork up the money to pay for this site  |
|
|
|
|
| Posted: Sat Jul 17, 2004 5:49 pm |
|
|
| thotho |
| Beginner |
|
|
| Joined: Jun 14, 2004 |
| Posts: 4 |
|
|
|
|
|
|
|
ihave the same problem
when i do any thing has * in it will take me back to the index.php
change /**/ with what ??
cheers |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 111
Members: 0
Total: 111
