NukeCops

You are missing our premiere tool bar navigation system! Register and use it for FREE!

Create an account

• Home • Downloads • Gallery • Your Account • Forums •

Readme First

- Readme First! -
Read and follow the rules, otherwise your posts will be closed

Modules

· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account

Who's Online

There are currently, 341 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Online tools to hack a PHP nuke sites (Score: 1)
by scandicdiscopub on Saturday, December 13 @ 01:01:05 CET
(User Info | Send a Message)

Translations from this site
its 05.45 in the morning as im translating this shit so we all know.
the first he sais in the main article is that he hacked 2 sites because you had to register to download(oops )
ok im now going to the exploit part for audioslaved in special
METODO 3 SQL INJECTION
(Recomendded for PHP NUKE portals or using db MySql)
For this method we need to apply SQL INJETCION
The first thing is to go to the login of the victim normally http://www.victim.com/admin.php in this page we re gonna get the login/pass
Explaining SQL INJECTION
If you know some about programmation this wil be easier to undersand
As the name injection sais what we do is inject code to a page that uses the database,when we start the session in phpnuke ,what the code does is check if the pass is true or false which is done by a loop which basically is like storing it in a variable called pass
if('pass'=='passworddeadministrador') (Note the use of the ´ to compare the strings of the pass)
return (true) welcome administrador
else(Access Denied)
As you see only we can have 2 answers true or false,so to apply this technic the only thing you need to do is to put the passthe next way a'or'newpasssword'
like this when our var enters what it does is the next
if('a'or'newpassword')we use the comparative "or" because our comparative always results true(pass o otherpass)==true
So with this we are modificating the code of the page which will let us in with our new l password "newpassword"

master Passwords :
'or''='
'a''or'
'a'or'newpassword'
Try this basic keys of sql injection ,it also works in login.asp

| Parent

Re: Online tools to hack a PHP nuke sites by allevon on Saturday, December 13 @ 01:52:52 CET
Re: Online tools to hack a PHP nuke sites by Audioslaved on Saturday, December 13 @ 02:01:57 CET
- Re: Online tools to hack a PHP nuke sites by allevon on Saturday, December 13 @ 02:05:38 CET
- Re: Online tools to hack a PHP nuke sites by scandicdiscopub on Saturday, December 13 @ 02:30:02 CET
  - Re: Online tools to hack a PHP nuke sites by allevon on Saturday, December 13 @ 02:36:41 CET
    - Re: Online tools to hack a PHP nuke sites by Audioslaved on Saturday, December 13 @ 04:33:26 CET
      - Re: Online tools to hack a PHP nuke sites by allevon on Saturday, December 13 @ 09:59:22 CET

Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.055 Seconds - 171 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)

:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::