 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Wed Dec 10, 2008 3:53 pm |
 |
|
| almostwOw |
| Beginner |
 |
|
| Joined: Dec 10, 2008 |
| Posts: 4 |
|
|
|
 |
|
 |
|
exploit doesnt work
when i use it in perl :
C:\achi\exploits\ng.pl Line 1
help me :-s |
|
|
|
|
| Posted: Wed Dec 10, 2008 5:06 pm |
|
|
| zipnick15 |
| Regular user |
|
|
| Joined: Dec 08, 2008 |
| Posts: 7 |
|
|
|
|
|
|
|
LoL  , its cause its made for PHP not Perl  |
|
|
|
|
| Posted: Tue Dec 23, 2008 3:05 am |
|
|
| rpL |
| Beginner |
|
|
| Joined: Dec 23, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
please, help me, i'm very noob..!
first, i'm brazilian, and i don't know how to speak english very well..
sorry about my english ;s
when i try to use this exploit i have the some error:
Unterminated <> operator at C:\ipb.pl line 1.
what i need to do ? please explain step-by-step, i'm noob :X
i installed the PHP but the exploit didn't work..
the same error!
thanks a lot!
------------------EDIT--------------
hello, i researched a lot, and i founded the solution, now the script is running 100%
thanks! |
|
|
|
|
| Posted: Tue Dec 23, 2008 3:14 pm |
|
|
| mehu |
| Regular user |
|
|
| Joined: Sep 23, 2008 |
| Posts: 12 |
|
|
|
|
|
|
|
| Waraxe, can this exploit be used to fetch the users loginid (in some cases the display name differs from the login name) or email? And if so could you help me out with that? |
|
|
|
|
| Posted: Thu Dec 25, 2008 12:27 am |
|
|
| waplet |
| Active user |
|
|
| Joined: Dec 24, 2008 |
| Posts: 31 |
|
|
|
|
|
|
|
| Yeah i want to see not id , but login name , because lot of people change to their own nicks , member title |
|
|
|
|
| Posted: Thu Dec 25, 2008 11:05 am |
|
|
| waplet |
| Active user |
|
|
| Joined: Dec 24, 2008 |
| Posts: 31 |
|
|
|
|
|
|
|
i made lil changes: i added this
| Code: |
xecho("\n------------------------------------------\n");
xecho($i.":".$hash.":".$salt);
xecho("\n------------------------------------------\n"); |
below this:
| Code: |
xecho("\n------------------------------------------\n");
xecho("User ID: $i\n");
xecho("Hash: $hash\n");
xecho("Salt: $salt");
xecho("\n------------------------------------------\n"); |
and now it shows like this:
| Code: | ------------------------------------------
4:f69ff52aa393579078d3265225c1f4f1:*g2^)
------------------------------------------ |
|
|
|
|
|
| Posted: Thu Dec 25, 2008 8:49 pm |
|
|
| epro |
| Regular user |
|
|
| Joined: Feb 11, 2008 |
| Posts: 24 |
|
|
|
|
|
|
|
| Hello, is it possibility to get admin passhash and salt with SQL injection, not exploit, because I have vulnerable forum, but exploit don't want to work.. So? |
|
|
|
|
| Posted: Mon Dec 29, 2008 11:05 am |
|
|
| DocHoliday |
| Beginner |
|
|
| Joined: Dec 29, 2008 |
| Posts: 4 |
|
|
|
|
|
|
|
Just to say thanks for this  |
|
|
|
|
| Posted: Mon Dec 29, 2008 11:21 pm |
|
|
| k40t1x |
| Regular user |
|
|
| Joined: Dec 27, 2008 |
| Posts: 22 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Jan 13, 2009 9:00 pm |
|
|
| waplet |
| Active user |
|
|
| Joined: Dec 24, 2008 |
| Posts: 31 |
|
|
|
|
|
|
|
waraxe , can you add, members username finding , and id?
hash:salt comes from ipb_members_converge
maybe you can add something like
| Code: | | union select `members_l_username` from ibf_members where id = $id! |
|
|
|
|
|
| Posted: Tue Jan 13, 2009 9:09 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| waplet wrote: | waraxe , can you add, members username finding , and id?
hash:salt comes from ipb_members_converge
maybe you can add something like
| Code: | | union select `members_l_username` from ibf_members where id = $id! |
|
Look at previous posting - it's easy to modify script for your needs. You can do that within 5 minutes, only basic level of php and some sql knowledge needed. |
|
|
|
|
| Posted: Tue Jan 13, 2009 9:17 pm |
|
|
| waplet |
| Active user |
|
|
| Joined: Dec 24, 2008 |
| Posts: 31 |
|
|
|
|
|
|
|
But i dont understand , i think you can write the write answer,
$username = UNION select bla bla bla
echo $url.$usernam
plase waraxe
i dont know Blind sql injections ;( |
|
|
|
|
| Posted: Thu Jan 15, 2009 9:39 am |
|
|
| _hacker_ |
| Regular user |
|
|
| Joined: Aug 26, 2008 |
| Posts: 14 |
| Location: asia |
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Jan 22, 2009 5:06 pm |
|
|
| OpenMASK |
| Regular user |
|
|
| Joined: Jan 22, 2009 |
| Posts: 6 |
|
|
|
|
|
|
|
Hello, thx for this work..
when i tried this script i have this:
| Code: |
xxx@xxxx-laptop:~$ php5 test.php
Target: http://www.xxxxxxxxxx.com/forum/
Sql table prefix: ibf_
Testing target URL ...
Target URL seems to be valid
Testing ID 1
ID 1 not valid, passing ...
Testing ID 2
ID 2 validated
Finding hash ...
Sql error! Wrong prefix?
|
Sql error? lol does that mean that the website is unvuln? |
|
|
|
|
| Posted: Thu Jan 22, 2009 5:23 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| It's probably vulnerable, because 2 test are passing, but for some reason sql error occurs in later phase. Why - i have no idea. You must debug the script (use echo, print or similar in right places) and try to find out server response. If needed, then there can be more ways to fetch data from the same sql injection. Just be creative |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 3 of 6
Goto page Previous1, 2, 3, 4, 5, 6Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 64
Members: 0
Total: 64
