|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 114
Members: 0
Total: 114
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
help with this exploit please |
|
Posted: Thu Aug 20, 2009 2:55 pm |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
hi,
im trying to execute this exploit
http://marc.info/?l=bugtraq&m=122002759605015&w=2
but im not so familiar with cmd so i cant get right the execution syntax. In cmd i just enter the path to the exploit like this c:\users\blabla\exploit.php so a dialog appears and says something like this:
Attacks
-attack <int_choice> <params> [options]
1 - PHP code execution
-url IPB url with ending slash
-uname targeted username
so by that i figured that you have to give those parameters somehow but i cant find out how, i tried
c:\users\blabla\exploit.php -attack <1> <-url someboard.com -uname admin>
but didnt work. Any suggestions please??
Thank you. |
|
|
|
|
Posted: Thu Aug 20, 2009 7:55 pm |
|
|
lenny |
Valuable expert |
|
|
Joined: May 15, 2008 |
Posts: 275 |
|
|
|
|
|
|
|
Did it give you any error messages in response? |
|
|
|
|
Posted: Fri Aug 21, 2009 12:36 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
hi
i get no errors, when i execute it i just get this screen:
Attacks
-attack <int_choice> <params> [options]
1 - PHP code execution
-url IPB url with ending slash
uname targeted username
-uid OR the targeted user id (def: 1)
etc.
and then it exits but nothing happens. So its like if you need to indicate the parameters above mentioned somewhere or maybe you need to modify the exploit code and indicate the URL of the board you want to hack and all that but i cant figure out where in the code i should change that. If you know how to use this exploit i would appreciate any hint you could give me.
Thank you. |
|
|
|
|
Posted: Fri Aug 21, 2009 7:41 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
You specify the arguments on the command line when u start the script.
eg: php exploit.php -attack 1 -url www.site.com/forum/ -uid 1
Pretty straight forward. |
|
|
|
|
Posted: Fri Aug 21, 2009 8:27 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
Somehow i had a typo in the commands. Now i could execute it. Thank you. Unfortunately the exploit seems to be out of date, i get a message that says ereg is deprecated in line 507 so its a useless script. Also, it doesnt seem to get the ACP path which is what im looking for.
Thank you anyway. |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|