Sunday, August 26, 2012

[TUT]Vbulletin Forum Hacking with Header-Based SQL injection[TUT]




Injecting Vbulletin Forum
******************
/Content\
****************************
$1.Intro
$2.Tutorial
$3.Conclusion

$1.Intro

Quote
Category : Forum Group Injection
Method : Header-Based SQL injection
Original Exploit :http://www.exploit-i...-sql-injection- vulnerability by D4rkB1t
Software :Vbulletin
Dork :inurl:"search.php?search_type=1"
Vulnerable Version : 4.0.x to 4.1.2


(Ques? Ko Nat Soe... could you explain a little about the topic you are going to cover now?)
(Ans: Yes, sure... let me explain. This is about SQL injection in Vbulletin forums... There are some limitations... as written above... it only works on versions from 4.0.x to 4.1.2, and the chance of a site being vulnerable is ... fairly low... around 50% or so... Since it is Vbulletin, finding the Admin login is easy.... what is hard is cracking the hash you get)

I am imitating the style of an MRTV-4 interview here....

(Ques? Huh.. so with this thing of yours... the version is old.... the chance of success is low... and the hash cannot be cracked... so what are you going to do with it...)
(Ans: It is about the technique, man, the technique...
Everyone who is into technology, whenever they learn something new... tends to study it to the point of forgetting to eat... Don't you want to know the technique..?)


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$2.Tutorial
Enough... I will stop rambling... and get started... ta-da.....
First, anyone who does not have Live Http headers.... install it as soon as possible....
goto : browser >> Alt+T >> A >> Search for addons

Normally ... you would search Google with the dork... enter a forum... and break in... For now, I will just do it ... with my demo...
demo site:
Quote
www.myanmarengineer.org
I don't know whether Ko Boss is clairvoyant or something.... :P
The forum rules say not to do this to Myanmar websites, so... with this one ... I will only test it briefly... (that is outside the rule, right :))
Even if you get the password you cannot do anything with it ... (as you know.. because of how the Vbulletin hash works)

So, the vulnerable spot .... is under Groups ... inside Community....
At the far right corner of the site.... near the top ... click the Advanced Search button
You will arrive at the screen in the picture below...


The steps to follow are ... log in to the forum as a member... go to the groups...create a group yourself ...
or else ... just note down the name of an existing one for a moment...

Once these steps are done ... go back to the Advanced Search from earlier ...
Put the Group name you noted into the search box....

Open the Live Http headers add-on ... that you installed earlier ...
Then click search now...
Look at the picture below...







Find the text ... that is highlighted in the picture ...
Then... click it... and press the replay button below....
http://i.imgur.com/lBdsZ.png
You will see something like this..












In the content box.... at the very end of the text .. you can see Id=, right... that is where the SQL queries will be sent...
Copy/paste the line below.... and press the replay button...

&cat[0]=1) union select version#

Then you will see the version like this....



Last step ... if you want the user names and passwords, send the query below the same way as before....

&cat[0]=1 union+select+group_concat(userid,0x3a,username,0x3a,password,0x3a,usergroupid) from user where usergroupid=6#
Look below...



That should be enough... to get the idea... right...
Weakness.... if Human Image Verification ... is present...this does not work....
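Seen from the defending side, the replayed requests above stand out because `cat[...]` should only ever carry numeric category ids. The Python below is an added example, not code from the original post or from vBulletin: it flags non-numeric `cat[...]` values in a POST body and shows the matching server-side validation with a bound `IN (...)` filter. The sample bodies, the `query` field, the `categoryid` column and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Keys such as cat, cat[] or cat[0], matched after URL decoding.
CAT_KEY = re.compile(r"cat(\[[^\]]*\])?")
# A legitimate category id is an unsigned ASCII integer and nothing else.
UINT = re.compile(r"[0-9]{1,10}")

# Constructed POST bodies; "query" is an assumed field name. The second
# carries the first test string quoted in the tutorial above.
SAMPLES = [
    "query=mygroup&cat%5B0%5D=3&cat%5B1%5D=7",
    "query=mygroup&cat[0]=1) union select version#",
]


def cat_params(body):
    """Yield decoded (key, value) pairs for every cat[...] field in a body."""
    # parse_qsl decodes %5B/%5D and '+', so encoded variants are seen too;
    # keep_blank_values keeps an empty "cat[0]=" instead of dropping it.
    for key, value in parse_qsl(body, keep_blank_values=True):
        if CAT_KEY.fullmatch(key):
            yield key, value


def suspicious_cat_params(body):
    """Detection: cat[...] values that are not plain unsigned integers."""
    return [(k, v) for k, v in cat_params(body) if not UINT.fullmatch(v)]


def clean_category_ids(body):
    """Validation: return the ids as ints, or reject the whole request."""
    ids = []
    for key, value in cat_params(body):
        if not UINT.fullmatch(value):
            raise ValueError(f"non-numeric category id in {key}")
        ids.append(int(value))
    return ids


def in_clause(ids):
    """Build a bound IN (...) filter; 'categoryid' is a hypothetical column."""
    if not ids:
        return "1 = 1", []  # no category filter requested
    return f"categoryid IN ({', '.join('?' for _ in ids)})", list(ids)


if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", suspicious_cat_params(body) or "clean")
```

The detection function suits decoded request bodies from a WAF or application log; the validation function belongs in the request handler, before any id reaches the query.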

Copied from mhu
Thanks to D3vilM4yCry

