easy way to get superadmin rights in PhpNuke ..

Protecting your Linux box

easy way to get superadmin rights in PhpNuke ..

Postby hb » Thu Mar 25, 2004 9:56 am

[take care..]

AssalamoAlaikum all.

First, we must make some posting to the guestbook or forum (PhpBB is integrated to PhpNuke and in most cases is active module). And besides usual text we use BBcode for adding "image" with url like that:

admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&add_email=kala_at_hot.ee&add_radminsuper=1

For example in forum:

Image

Now, after posting, we can see "broken" picture, added to our post. And when person with superadmin rights will browse forum and read this post, then new superadmin account will be created "automatically". One more way to attack - send u2u message directly to admin and use described method for message. When admin reads the u2u message - attacker get's superadmin account.

Now, this is of course most simple method to exploit this weakness. If attacker wants to hide the true meaning of the "image", then lets consider something like this:

Image

Is this somehow suspicious picture url? Nop ;) But wise attacker will use Apache webserver's advanced features and if client's browser will request picture from attacker's server, then server just redirects the browser to new, "bad" url ;)

tc all.
Allah Hafiz
Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous
hb
Lance Naik
 
Posts: 36
Joined: Sun Jul 13, 2003 12:45 pm
Location: internet

Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron