 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 210
 Members: 0
 Total: 210
|
|
|
|
|
|
Full disclosure |
|
Google Firebase hosting suspension / "malware distribution"bypass
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Help Admin-level authentication bypass in phpnuke 6.x-7.2 |
|
 Posted: Sun Jul 25, 2004 11:49 pm |
 |
|
| zerocool |
| Regular user |
 |
|
| Joined: Jul 17, 2004 |
| Posts: 20 |
|
|
|
 |
|
 |
|
|
|
|
|
|
|
|
|
| Posted: Mon Jul 26, 2004 8:51 am |
|
|
| zer0-c00l |
| Advanced user |
 |
|
| Joined: Jun 25, 2004 |
| Posts: 72 |
| Location: BRAZIL! |
|
|
|
|
|
|
another zero cool haha
i think the site isnt vulnerable if shows 'slection from database failed'..
but the string works perfect |
|
|
|
|
|
bro come in |
|
| Posted: Mon Jul 26, 2004 11:40 am |
|
|
| zerocool |
| Regular user |
|
|
| Joined: Jul 17, 2004 |
| Posts: 20 |
|
|
|
|
|
|
|
so why its tell me selection from database faild
and its not add a superadmin user
with user:waraxe2 and pass:coolpass
why when iam post this command its only tell me selection from database faild  (( what i need 2 do? |
|
|
|
|
|
a |
|
| Posted: Mon Jul 26, 2004 2:38 pm |
|
|
| SteX |
| Advanced user |
 |
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
Site is patched...Site have updated php-nuke version,or have some protection system.. That exploit is old and dont work for 99% php-nuke sites..
 |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
|
Thanks Bro |
|
| Posted: Mon Jul 26, 2004 5:42 pm |
|
|
| zerocool |
| Regular user |
|
|
| Joined: Jul 17, 2004 |
| Posts: 20 |
|
|
|
|
|
|
|
Thanks For the help
and i have another Question when iam put this command to a site
modules.php?name=Journal&file=search&bywhat=aid&exact=1&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*
its give me a hash but when iam view the profile of the user that have this hash i see id 0
why its tell me id 0???????
and give me hash to id 0 when i putting this sql injection command ((??
and where i can find the radminsuper id?? |
|
|
|
|
| Posted: Mon Jul 26, 2004 8:44 pm |
|
|
| SteX |
| Advanced user |
|
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
| God Admin always has ID 1 .. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
|
Come In Stex |
|
| Posted: Mon Jul 26, 2004 8:57 pm |
|
|
| zerocool |
| Regular user |
|
|
| Joined: Jul 17, 2004 |
| Posts: 20 |
|
|
|
|
|
|
|
yeah i know god admin is id 1 bro
but when iam doing this sql injection command i see the hash
with viewprofile id 0
why its this?? and how can i figure the God Admin id nickname??
because if i want to change in my cookie to the admin "cookie"
i need to know the id of the radminsuper like this
Stex:d3721b54ee6f43b22910c7e82775d56f
so know i only know the hash:d3721b54ee6f43b22910c7e82775d56f
but i dont know the radminsuper id nickname (
so i cant do nothing how can i know the superadmin nickname (? |
|
|
|
|
|
Thanks guys i was made to know the aid of the admin :) |
|
| Posted: Tue Jul 27, 2004 4:09 pm |
|
|
| zerocool |
| Regular user |
|
|
| Joined: Jul 17, 2004 |
| Posts: 20 |
|
|
|
|
|
|
|
hey take off is info in the memberlist but i was doing thing like this
forum-userprofile-2.html&sid=3be12190a8ffa6b4ac8aa8d92cf45381g
and then i so is aid 
thanks again bye bye |
|
|
|
|
| Posted: Tue Jun 07, 2005 7:54 pm |
|
|
| err |
| Beginner |
 |
|
| Joined: Jun 07, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
when i try i get:
Author's Creation Error
You must complete all compulsory fields
seems like exploit gonna work.. because it shows the menu admin.  |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
