Waraxe IT Security Portal
Login or Register
July 21, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 201
Members: 0
Total: 201
Full disclosure
[KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability
[KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability
CVE-2024-33326
CVE-2024-33327
CVE-2024-33328
CVE-2024-33329
CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100
SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice
SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products
Novel DoS Vulnerability Affecting WebRTC Media Servers
APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8
40 vulnerabilities in Toshiba Multi-Function Printers
17 vulnerabilities in Sharp Multi-Function Printers
SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)
SEC Consult SA-20240620-0 :: Arbitrary File Upload in edu-sharing (metaVentis GmbH)
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> All other software -> Cutenews <= 1.4.5 usernames fetching exploit Goto page Previous1, 2
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Mon Jun 16, 2008 4:42 pm Reply with quote
Final
Beginner
Beginner
Joined: Jun 05, 2008
Posts: 3




Thanks for your help, mixman, but I can't get it to work. Where exactly do I have to put the code when editing the templates? I have created a new template which hasn't been used in any news yet, but when I try the second way you described and hit 'Save Changes', I get a blank screen - And that happens every time I try to edit it. The only way to undo my actions is to use the backwards-button of my browser.

Any step-by-step instructions, anyone? Razz
View user's profile Send private message
PostPosted: Mon Jul 07, 2008 10:46 am Reply with quote
Dr_Death
Beginner
Beginner
Joined: Jul 07, 2008
Posts: 1




thanks waraxe, exploit have bug it hange with users that have space (firstname lastname) ...etc
View user's profile Send private message
PostPosted: Thu Aug 07, 2008 8:37 pm Reply with quote
harasym
Regular user
Regular user
Joined: Aug 07, 2008
Posts: 6




I have a problem when trying to exploit cutenews. Here it is:

C:\Program Files\PHP>php cuteuser.php
Validating target URL
PHP Fatal error: Call to undefined function curl_init() in C:\Program Files\PHP
\cuteuser.php on line 347

C:\Program Files\PHP>
View user's profile Send private message
PostPosted: Thu Aug 07, 2008 9:12 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




You have to enable curl extension from you php.ini. Decomment the related line.
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 10:25 am Reply with quote
harasym
Regular user
Regular user
Joined: Aug 07, 2008
Posts: 6




I used search in php.ini file but i don't found curl line Crying or Very sad
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 11:10 am Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




Look in you php ext dir for the file php_curl.dll ( I assume you use Windows ). If it's there then add to your php.ini the line

extension=php_curl.dll

The extension is included in php for windows as far as I know.
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 11:54 am Reply with quote
harasym
Regular user
Regular user
Joined: Aug 07, 2008
Posts: 6




oniric wrote:
Look in you php ext dir for the file php_curl.dll ( I assume you use Windows ). If it's there then add to your php.ini the line

extension=php_curl.dll

The extension is included in php for windows as far as I know.


Yes? I'm using windows, but i haven't php_curl.dll file in my php dir. Here is a link to php installer that i've installed:
_http://ua2.php.net/get/php-5.2.6-Win32.zip/from/this/mirror
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 12:31 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




Isn't it in the ext dir as I said?
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 2:32 pm Reply with quote
harasym
Regular user
Regular user
Joined: Aug 07, 2008
Posts: 6




No it isn't
View user's profile Send private message
PostPosted: Fri Aug 08, 2008 2:48 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




I just download the same zip file and it's there Shocked
View user's profile Send private message
PostPosted: Sat Jan 10, 2009 2:32 pm Reply with quote
Pauwlas
Beginner
Beginner
Joined: Jan 10, 2009
Posts: 2




I don't understand why this script don't work for me, just write this error:

Fatal error: Call to undefined function curl_init() in C:\xampp\htdocs\hack\acc.php on line 347

Can someone help my?
View user's profile Send private message
PostPosted: Sat Jan 10, 2009 2:56 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Pauwlas wrote:
I don't understand why this script don't work for me, just write this error:

Fatal error: Call to undefined function curl_init() in C:\xampp\htdocs\hack\acc.php on line 347

Can someone help my?


You need to activate curl extension:

http://www.google.ee/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=et&q=site%3Awaraxe.us+curl_init&lr=&btnG=Google+otsing
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Feb 09, 2009 11:13 pm Reply with quote
NYDAz
Advanced user
Advanced user
Joined: Jan 26, 2009
Posts: 109
Location: Valley of the Kings




On 3 different cutenews powered sites I'm getting the same md5 hash :
d24725eda8256a3f7c2561d5677e9abd

Waraxe, what can it be ?

Confused

EDIT :

It's my password !

md5("winstonz") = d24725eda8256a3f7c2561d5677e9abd

LATER EDIT:
I was using this exploit http://www.milw0rm.com/exploits/4779
Embarassed

_________________
A person who never made a mistake never tried anything new.
View user's profile Send private message
Cutenews <= 1.4.5 usernames fetching exploit
www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 2 of 2
Goto page Previous1, 2
Post new topicReply to topic


Powered by phpBB 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.122 Seconds