Originally Posted by NetHogz
Once I download Active Perl how would I use it with the script. I'm still a novice as far as using scripts and such.
This tutorial looks good for beginners:
[url]http://perl.about.com/od/gettingstartedwithperl/a/testperl_2.htm[/url]
[url]http://milw0rm.com/exploits/26*6[/url] << That's the one I mean, I just searched through my chat logs and found this. He told me at the time to save it as a pl
The script you linked to is in fact a PHP script -- these can be used as I described earlier:
Originally Posted by mike*5*
You don't need a web server to run most scripts -- Perl scripts can be executed on your own computer if you have Perl, and likewise for PHP if you have a web server installed on your computer with PHP installed (or you have the command-line version of PHP).
and host it on a webserver. :?
Perl scripts are easily (and preferably) executed on your own computer if you are on a Unix-like OS with Perl (or have ActivePerl for Windows), but PHP scripts are mostly made to be used on web servers (although you can get the command-line PHP). In this case, if someone wanted to run that script you linked to, they would have to get some PHP hosting or install their own web server with PHP.
Some additional comments about that script:
Affects Invision Power Borard 2.0.0 to 2.*.7
I believe the latest IPB version is 2.0 and this is what InvisionFree are probably running, so this script would probably be useless to someone who wanted to exploit an InvisionFree forum.
Code:
This works if:
"Debug Level" is set to *
or
Enable SQL Debug Mode is turned on
In General Configuration of the forum software.
This says the script can only exploit ***rds that have settings that are not default. Most forums use the default settings; a service like InvisionFree most definitely does not have any sort of debug mode on (this would be a security risk in itself), so the script would probably not be useful to someone who wanted to steal InvisionFree passwords.
This still doesn't rule out social engineering, monitoring software or many more methods for someone who wanted to steal forum passwords.