My Forum Exploit!! (I coded a tool)

Discussion in 'Ethical hacking' started by Systemerror, Feb 19, 2009.

  1. Systemerror

    Systemerror New Member

    Joined:
    Jan 11, 2008
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    0
    Home Page:
    See that login prompt? That is an example of what this software can do (please don't ban me, I just used that as an example)...

    [​IMG]

    This exploit is something I discovered whilst trying to find certain vulnerabilities on forums; the way this works is via HTTP access manipulation, URL encoding and injection.

    So what does it do?

    This tool uses a weakness in almost all forums, that is, the way BBCode is used, the way it handles file extensions, and the way they don't use proper input checking bounds, which ultimately is one big flaw. Now, for example, you can use this tool for two reasons, one of which is to be destructive, flood forums with pop-ups, use your actual target to DDoS another target to get thousands of people to attempt to login, causing a major DoS etc., or the better option is, you can use this tool as a great way for phishing, stealing login information and sending it back to yourself. You would need some scripting knowledge to do this but nothing too difficult. In fact there is a lot more that can be done with this, it just takes a little imagination, though it comes with a lot of help if you're struggling.

    System requirements:

    Windows 32 (XP or above)
    .NET 3.5

    Go to my site on software page for more info [SEE SIGNATURE LINK]:

    Also, I've nearly finished uploading a YouTube video tut, I'll put it on here once finished.
     
  2. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    747
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    very coooooooooooooooooooooool!
     
  3. Systemerror

    Systemerror New Member

    Joined:
    Jan 11, 2008
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    0
    Home Page:
  4. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,276
    Likes Received:
    364
    Trophy Points:
    83
    You linked to an image which needs a password to view and so I edited your code
     
  5. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,276
    Likes Received:
    364
    Trophy Points:
    83
    Forgot to add. Does this go as ethical? Please justify and I would not mind having it here.
     
  6. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:

    It isn't new AT ALL!!!! It's called BASIC AUTH PASS... google it and learn LOL... :thinking:
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    lol everyone regretting?
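
The image shabbir describes above, one that "needs a password to view", is a remote [img] target that answers with an HTTP authentication challenge. As an added example (not code from this thread or from any forum software), here is a server-side check that refuses such targets before a post is rendered; the function names, verdict strings and sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}

def extract_img_urls(post):
    """Return the URLs inside every [img]...[/img] pair in a post body."""
    return [u.strip() for u in IMG_TAG.findall(post)]

def vet_url(url):
    """Return a refusal reason for the URL itself, or None if it may be fetched."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return "bad-scheme"
    if parts.username is not None:
        return "userinfo-in-url"
    return None

def vet_response(status, headers):
    """Judge a server-side fetch made without credentials or redirect following."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (401, 407) or "www-authenticate" in h or "proxy-authenticate" in h:
        return "auth-challenge"   # would raise a login prompt in the reader's browser
    if status != 200:
        return "not-200"          # redirects and errors are refused, not followed
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in ALLOWED_TYPES:
        return "not-an-image"     # the extension in the URL is not trusted
    return "ok"

def vet_post(post, fetch):
    """Map each [img] URL to a verdict; fetch(url) -> (status, headers)."""
    return {u: vet_url(u) or vet_response(*fetch(u)) for u in extract_img_urls(post)}

# Constructed sample data: responses a fetcher might record for three URLs.
SAMPLE_RESPONSES = {
    "http://img.example/cat.png": (200, {"Content-Type": "image/png"}),
    "http://other.example/sig.jpg": (401, {"WWW-Authenticate": 'Basic realm="Forum login"'}),
    "http://other.example/photo.gif": (200, {"Content-Type": "text/html; charset=utf-8"}),
}
SAMPLE_POST = ("hi [img]http://img.example/cat.png[/img] "
               "[IMG]http://other.example/sig.jpg[/IMG] "
               "[img]http://other.example/photo.gif[/img]")

if __name__ == "__main__":
    for url, verdict in vet_post(SAMPLE_POST, SAMPLE_RESPONSES.__getitem__).items():
        print(verdict, url)
```

A verdict recorded at posting time says nothing about what the remote server returns later, so the check is most useful inside an image proxy or cache that serves the vetted bytes itself.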
     