 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 140
 Members: 0
 Total: 140
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Union Tap Code (UTC) |
|
 Posted: Tue May 25, 2004 1:03 am |
 |
|
| 5y573m f41lur3 |
| Regular user |
 |
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
 |
|
 |
|
Is there anyway of bypassing this code ??
Is there other way of creating a super admin account with the admin's username and hash ?
Im testing my phpnuke portal... and just wanna make sure...
thanks in advance |
|
|
|
|
|
Re: Union Tap Code (UTC) |
|
| Posted: Tue May 25, 2004 10:33 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| 5y573m f41lur3 wrote: | Is there anyway of bypassing this code ??
Is there other way of creating a super admin account with the admin's username and hash ?
Im testing my phpnuke portal... and just wanna make sure...
thanks in advance |
If you know admin's username and password's md5 hash, then UnionTap cant stop you against "administration", if you construct cookies, acceptable by PhpNuke.
And md5 hash can be gathered by XSS cookietheft too, without using any UNION tricks. |
|
|
|
|
| Posted: Tue May 25, 2004 11:56 am |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
Oh thank you very much !
I have the admin username and md5's hash....
Do you have any advisories or manuals where you explain how can I construct phpnuke admin's cookies ?
Thanks in advance |
|
|
|
|
| Posted: Tue May 25, 2004 3:49 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
I try to finish my tutorial about nuke cookie manual construct today.
And then I will post it in PhpNuke section. And I really hope that you are on about testing your own website, not someone else's 
Because this tutorial will be written for good reasons - so that any phpnuke webmaster can test it and see how easy it is to use gathered md5 hash even without cracking them. |
|
|
|
|
| Posted: Tue May 25, 2004 7:15 pm |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
thank you for you great help...
Im testing it on my own site....
"Sometimes you will try to intentionally hack into your own system to find security flaws and fix them"....
Congratulations for you great work |
|
|
|
|
| Posted: Tue May 25, 2004 10:35 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Wed May 26, 2004 12:11 am |
|
|
| 5y573m f41lur3 |
| Regular user |
|
|
| Joined: May 25, 2004 |
| Posts: 9 |
|
|
|
|
|
|
|
cool man!! You are my idol lol  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
