|
|
|
|
- Readme First! - Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 267 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
| The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
No Comments Allowed for Anonymous, please register | | | | |
Re: Online tools to hack a PHP nuke sites (Score: 1) by scandicdiscopub on Saturday, December 13 @ 01:01:05 CET (User Info | Send a Message) | Translations from this site
its 05.45 in the morning as im translating this shit so we all know.
the first he sais in the main article is that he hacked 2 sites because you had to register to download(oops )
ok im now going to the exploit part for audioslaved in special
METODO 3 SQL INJECTION
(Recomendded for PHP NUKE portals or using db MySql)
For this method we need to apply SQL INJETCION
The first thing is to go to the login of the victim normally http://www.victim.com/admin.php in this page we re gonna get the login/pass
Explaining SQL INJECTION
If you know some about programmation this wil be easier to undersand
As the name injection sais what we do is inject code to a page that uses the database,when we start the session in phpnuke ,what the code does is check if the pass is true or false which is done by a loop which basically is like storing it in a variable called pass
if('pass'=='passworddeadministrador') (Note the use of the ยด to compare the strings of the pass)
return (true) welcome administrador
else(Access Denied)
As you see only we can have 2 answers true or false,so to apply this technic the only thing you need to do is to put the passthe next way a'or'newpasssword'
like this when our var enters what it does is the next
if('a'or'newpassword')we use the comparative "or" because our comparative always results true(pass o otherpass)==true
So with this we are modificating the code of the page which will let us in with our new l password "newpassword"
master Passwords :
'or''='
'a''or'
'a'or'newpassword'
Try this basic keys of sql injection ,it also works in login.asp |
| Parent | | | | | |
|