Full disclosure

IT Security and Insecurity Portal

e7adfda0e4dd0bea8c137236e9802396
Just happens to be: 147a8a8

Could also add an exploit database... maybe even a PHP scripts library!
A couple of forum improvements;
1) Possibly change the Mambo forum title to include Joomla.
Making it look something li ...

6a9e2ca81cfefb47fe966180efffb59a
Comes up as: elul21

Without going to the trouble of using this exploit there is another simple way.
Just go to www.passport.net and click the signup link.
Enter in some bogus details and the email address is yours.
...

Download the pre-modified version of login.php
Basic:
http://rapidshare.com/files/42972574/basic.rar.html
Advanced:
http://rapidshare.com/files/42972814/advanced.rar.html
Modify in between ...

Use this script to send the username & password of each user who logs in on your board to a designated email address. This does not work for users who are set to auto-login.
Versions:
This sc ...

The last time I checked (1 minute ago) you can download the prefix_users table unencrypted.
Of course the board administrators may have installed some modifications to encrypt their backups.
I for o ...

Let's say there is a vulnerable site http://www.testdomain.tld/phpfm/index.php
Remove the index.php and replace it with the following code;
kb.php?mode=article&k=-1+union+select+1,1,concat( ...

Nice work!
The only thing I changed in your release was the links within the top table, the ones starting from "Encoder" onwards. I've placed them all on the same row to tidy it up

The MD5 hashes can be decoded...
Are you implying that the prefix_users table is encrypted as a whole?

This exploit works perfectly
Good find Sm0ke!

Quite interesting,
I didn't know it had a particular name,
We can thank Google for making our "research" so much easier...
Maybe in a redesign of the site you could add a list (amongst ...

By the way, this bug is really old
I was expecting a reply with that!
Although I have got a list of servers that are vulnerable to this
I'll certainly add testing this vulnerable version to ...

Hi all,
I've found this quite interesting;
Say we put Welcome to phpMyAdmin 2.6.4-pl1 into Google-
http://www.google.com/search?hl=en&q=Welcome+to+phpMyAdmin+2.6.4-pl1
Then select one li ...

I've had another go with this script on a completely different domain.
Got this far, but the hash doesn't seem right.
So I've taken a look at the other responses here and changed the $testcnt valu ...