Waraxe IT Security Portal

tox1c · Active user

Is there a working up to date SQL Injection Exploit for IPB v1.3.

I cant seem to find a working one.
I tried the one 2.3.5 by waraxe but it didnt work.
?

pexli · Valuable expert

Search in threads.I give exploit for ipb 1.3 final

tox1c · Active user

ive searched but cant find

pexli · Valuable expert

http://www.waraxe.us/ftopict-768-ipb.html+1+3+final+exploit

nuker · Active user

thats saved as a pl right? its executed via perl. I know that, however i cant figure out exactly how to use it. Do you have to modify the code according to your needs before executing it prompts you to input board URL and all that after you execute it.

Thanks.

pexli · Valuable expert

I think this is write on english:

nuker · Active user

okay, lets say the target board is myass.com/forum/ so i tried by changing that to this

## r57ipb2.pl myass.com /forum/ 1 0 <-------------------
## [~] SERVER : myass.com
## [~] PATH : /forum/
## [~] MEMBER ID : 1
## [~] TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl myass.com /forum/ 1 1 <----------------------------
## [~] SERVER : myass.com
## [~] PATH : /forum/
## [~] MEMBER ID : 1
## [~] TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]

but after executing it from command.exe i still get this

pexli · Valuable expert

Save script on the PC.Call him myscript.pl

I think you us windows

Start--->run-->cmd OK

In command prompt type

myscript.pl myass.com /forum/ 1 0

You need to install Perl on the PC.

nuker · Active user

Thank you. That was a great explanation. I finally got it to work, however it says [failed]. Im testing it with a 1.2 of my own so its not patched or anything.

Thank you for your time.

Poison · Advanced user

i get this error when trying to execute the exploit in CMD

C:\Perl>perl hi.pl
Bareword found where operator expected at hi.pl line 44, near ")Sad'password"
(Missing operator before Sad'password?)
String found where operator expected at hi.pl line 48, near "$request = '"
(Might be a runaway multi-line '' string starting on line 44)
(Missing semicolon on previous line?)
Bareword found where operator expected at hi.pl line 48, near "$request = 'http"

(Missing operator before http?)
Number found where operator expected at hi.pl line 60, near "IPB 2."
(Might be a runaway multi-line '' string starting on line 4 Cool

(Do you need to predeclare IPB?)
Number found where operator expected at hi.pl line 60, near "IPB 1."
(Do you need to predeclare IPB?)
Bareword found where operator expected at hi.pl line 77, near "print (($target)?
('MEMBER_LOGIN_KEY"
(Might be a runaway multi-line '' string starting on line 60)
(Do you need to predeclare print?)
Bareword found where operator expected at hi.pl line 77, near "')Sad'PASSWORD"
(Missing operator before PASSWORD?)
syntax error at hi.pl line 44, near ")Sad'password"
Can't find string terminator "'" anywhere before EOF at hi.pl line 77.

nuker · Active user

if you copied it directly from the board is most likely the code its messed up because of the smilies. So try to get the original one or remove the smilies yourself (such as Sad and Cool) and then it will work.

PJG · Beginner

When I try this it says:

syntax error at C:\scriptname.pl line 38, next char )
"use" not allowed in expression at C:\bruteipb.pl line 38, at end of line
Execution of C:\scriptname.pl aborted due to compilation errors.

It's referring to this line:

use IO::Socket;

what can I do about this?