|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 125
Members: 0
Total: 125
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help SQL injecting for admin on VB? |
|
Posted: Thu Apr 30, 2009 1:03 am |
|
|
Overhit |
Beginner |
|
|
Joined: Apr 30, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
I have shell access and MySQL access on a site, and we are planning an attack. I need to make myself admin, and drop all the other admins in the db so we can deface the site and upload hooks into the styles so we can infect it with our bots and shells at a later date (after the attack, because they will probably delete all our shells)
The only way I can think to do this is a SQL injection, by adding a new row with my user ID into table "administrator" with permissions "524284"
Has anyone ever tried this, or know another way to get full admin with ftp and MySQL access?
Edit: For those of you saying the changes will be formated when they uplaod a DB backup I will be getting the admin to make a DB backup after the prep of the attack. Then we attack. |
|
|
|
|
|
|
|
|
Posted: Fri May 01, 2009 4:35 am |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Just backdoor the vBulletin and wait till the backup like u said so they have a backdoored backup version.
Backdoor threw the plugin managers using ajax_complete under the hook location. You can execute any php u want without using the <?php ?> tags. Also if you wanted try and backdoor the whole server if you can get around the permissions of the server. |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|