 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Thu May 29, 2008 1:33 am |
 |
|
| Terminal |
| Beginner |
 |
|
| Joined: May 15, 2008 |
| Posts: 4 |
|
|
|
 |
|
 |
|
| Terminal wrote: | Okay thanks that helped a little but now i get
URL is Valid
Request Failed!
Sleeping 1 Seconds
Awake...
Retry #2
and it keeps going adding a second and a retry everytime.
until #10 when its gives fatal error and stops. |
Can i have a hand with this? |
|
|
|
|
|
 |
|
 |
| Posted: Wed Jun 04, 2008 3:18 pm |
|
|
| mixman |
| Regular user |
|
|
| Joined: Jun 03, 2008 |
| Posts: 11 |
| Location: Estonia,Tallinn |
|
|
|
|
|
|
Hi,
i found one site and got username from there:
| Quote: | Total 1 user(s) detected:
1 admin(s)
0 editor(s)
0 journalist(s)
0 commenter(s)
Pretesting passed successfully - target is vulnerable!
Fetched 1 usernames with reglevel 'admin'
tt
Total time spent: 2 seconds
HTTP requests made: 20
Questions and feedback - http://www.waraxe.us/forums.html
See ya!  |
Now when i run other script for getting md5, i get this,
| Quote: | | Pretest 1 failed - wrong username? |
Please help me what am i doing wrong?
| Quote: | $target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'admin'; // Username is needed
$outfile = './cute_log.txt';// Log file
|
Shoutd be ok? |
|
|
|
|
|
|
|
|
| Posted: Wed Jun 04, 2008 3:26 pm |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
the admin username is tt not admin.
| Code: |
$target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'tt'; // Username is needed
$outfile = './cute_log.txt';// Log file
|
|
|
|
|
|
| Posted: Wed Jun 04, 2008 4:06 pm |
|
|
| mixman |
| Regular user |
|
|
| Joined: Jun 03, 2008 |
| Posts: 11 |
| Location: Estonia,Tallinn |
|
|
|
|
|
|
| Chedda wrote: | the admin username is tt not admin.
| Code: |
$target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'tt'; // Username is needed
$outfile = './cute_log.txt';// Log file
|
|
Thank you very much, that worked! |
|
|
|
|
| Posted: Wed Jun 11, 2008 6:41 pm |
|
|
| code_decoder |
| Beginner |
 |
|
| Joined: Jun 07, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
| Terminal wrote: | | Terminal wrote: | Okay thanks that helped a little but now i get
URL is Valid
Request Failed!
Sleeping 1 Seconds
Awake...
Retry #2
and it keeps going adding a second and a retry everytime.
until #10 when its gives fatal error and stops. |
Can i have a hand with this? |
same here.. i configure everything as said before .. but i get the same problem.. any idea people ?? |
|
|
|
|
| Posted: Wed Aug 06, 2008 10:19 am |
|
|
| andy |
| Beginner |
|
|
| Joined: Aug 06, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
Hi, in log file I get something like this:
-------------------------------------------------------
Cutenews password md5 hash fetching started
Target: http://xxxxx.xxx/News/search.php
Username: xxx
What i have to do to receive md5 hash of password? I made everything step by step from this topic instructions.
Thanks. |
|
|
|
|
| Posted: Wed Aug 06, 2008 10:30 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| andy wrote: | Hi, in log file I get something like this:
-------------------------------------------------------
Cutenews password md5 hash fetching started
Target: http://xxxxx.xxx/News/search.php
Username: xxx
What i have to do to receive md5 hash of password? I made everything step by step from this topic instructions.
Thanks. |
It's allready old exploit, more than half year has passed ... so target can be patched ...
Next, do you use it as php CLI? Can you see error messages? |
|
|
|
|
| Posted: Wed Aug 06, 2008 10:37 am |
|
|
| andy |
| Beginner |
|
|
| Joined: Aug 06, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
Can You tell how can i do this?
I do it in the way which is described in this thread.
No error appears.
I know that I can hack this site cause I already have done it with this. |
|
|
|
|
| Posted: Tue Feb 24, 2009 3:43 pm |
|
|
| shunkiano |
| Beginner |
|
|
| Joined: Feb 24, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
I have a little problem with your exploit
I run it on Linux with CLI and i got this message
Validating target URL
URL is valid
Pretest failed - wrong username? |
|
|
|
|
| Posted: Fri Feb 27, 2009 5:17 am |
|
|
| shunkiano |
| Beginner |
|
|
| Joined: Feb 24, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Fri Feb 27, 2009 7:01 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| Well it means you may have put the wrong username. |
|
|
|
|
| Posted: Fri Feb 27, 2009 8:14 am |
|
|
| skmpz |
| Advanced user |
 |
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
$username = 'waraxe'; // Username is needed
have u changed that line ?
i mean instead of waraxe between the '' the user u want to attack .. |
|
|
|
|
| Posted: Fri Feb 27, 2009 10:31 am |
|
|
| shunkiano |
| Beginner |
|
|
| Joined: Feb 24, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
| Yes of course... i change all |
|
|
|
|
| Posted: Thu Jan 05, 2012 3:09 pm |
|
|
| sfisher |
| Beginner |
|
|
| Joined: Jan 04, 2012 |
| Posts: 2 |
|
|
|
|
|
|
|
Hey dear Janek
first, thanks a lot for your nice work , and also I've a question,
after hacking cutenews, how can I upload a shell with Manage Images,
it avoid php file and I just can upload images !
actually I tested, HTTP Live header & tamper data to handle it but again, can't upload
thnx for your help ...  |
|
|
|
|
www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 4 of 4
Goto page Previous1, 2, 3, 4
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 230
Members: 0
Total: 230
