 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 239
 Members: 0
 Total: 239
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Union Tap Code (UTC) |
|
 Posted: Tue May 25, 2004 1:03 am |
 |
|
| 5y573m f41lur3 |
| Regular user |
 |
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
 |
|
 |
|
Is there anyway of bypassing this code ??
Is there other way of creating a super admin account with the admin's username and hash ?
Im testing my phpnuke portal... and just wanna make sure...
thanks in advance |
|
|
|
|
|
Re: Union Tap Code (UTC) |
|
| Posted: Tue May 25, 2004 10:33 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| 5y573m f41lur3 wrote: | Is there anyway of bypassing this code ??
Is there other way of creating a super admin account with the admin's username and hash ?
Im testing my phpnuke portal... and just wanna make sure...
thanks in advance |
If you know admin's username and password's md5 hash, then UnionTap cant stop you against "administration", if you construct cookies, acceptable by PhpNuke.
And md5 hash can be gathered by XSS cookietheft too, without using any UNION tricks. |
|
|
|
|
| Posted: Tue May 25, 2004 11:56 am |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
Oh thank you very much !
I have the admin username and md5's hash....
Do you have any advisories or manuals where you explain how can I construct phpnuke admin's cookies ?
Thanks in advance |
|
|
|
|
| Posted: Tue May 25, 2004 3:49 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
I try to finish my tutorial about nuke cookie manual construct today.
And then I will post it in PhpNuke section. And I really hope that you are on about testing your own website, not someone else's 
Because this tutorial will be written for good reasons - so that any phpnuke webmaster can test it and see how easy it is to use gathered md5 hash even without cracking them. |
|
|
|
|
| Posted: Tue May 25, 2004 7:15 pm |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
thank you for you great help...
Im testing it on my own site....
"Sometimes you will try to intentionally hack into your own system to find security flaws and fix them"....
Congratulations for you great work |
|
|
|
|
| Posted: Tue May 25, 2004 10:35 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Wed May 26, 2004 12:11 am |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
cool man!! You are my idol lol  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
