MyBB Community Forums

Note that the above code should escape the username before using it in an SQL query. It is currently wide open to SQL injection.

(2015-08-15, 08:24 AM)Euan T Wrote: [ -> ]Note that the above code should escape the username before using it in an SQL query. It is currently wide open to SQL injection.

how to fix it?!
I need that script and I don't know PHP, I'm Java programmer.

This should be a little better:

<?php
header ("Content-Type:text/xml"); 
define("IN_MYBB", 1);
require_once "./global.php";
require_once "./inc/functions_time.php";

$user = $db->simple_select("users", "*", "username='".$db->escape_string($mybb->input['username'])."'");

if($mybb->input['username'] && $db->num_rows($user) != 0)
{
   $user = $db->fetch_array($user);
   $usergroupcache = $cache->read("usergroups");
   
   $doc = new DOMDocument();
   $doc->formatOutput = true;

   $u = $doc->createElement("user");
   $doc->appendChild($u);

   $usergroup = $doc->createElement("usergroup");
   $usergroup->appendChild($doc->createTextNode($usergroupcache[$user['usergroup']]['gid']));
   
   $numthreads = $db->simple_select("threads", "COUNT(tid) as count", "uid = ".$user['uid']);
   $numthreads = $db->fetch_field($numthreads, "count");
  
   $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
   $query = $db->simple_select("sessions", "location,nopermission", "uid='".((int) $user['uid'])."' AND time>'".$timesearch."'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
   $session = $db->fetch_array($query);
   
   if ($db->num_rows($query) == 0)
   {
       $onlinestatustext = "Offline";
   }
   else
   {
       require_once MYBB_ROOT."inc/functions_online.php";
       $lang->load("online");
       $location = fetch_wol_activity($session['location'], $session['nopermission']);
       $location = build_friendly_wol_location($location);
       $onlinestatustext = "Online - ".strip_tags($location);
   }
   
   $u->appendChild($usergroup);

   echo $doc->saveXML();
}
else
{
   error("invalid user");
}

(2017-06-26, 01:40 PM)Euan T Wrote: [ -> ]This should be a little better:

<?php
header ("Content-Type:text/xml"); 
define("IN_MYBB", 1);
require_once "./global.php";
require_once "./inc/functions_time.php";

$user = $db->simple_select("users", "*", "username='".$db->escape_string($mybb->input['username'])."'");

if($mybb->input['username'] && $db->num_rows($user) != 0)
{
   $user = $db->fetch_array($user);
   $usergroupcache = $cache->read("usergroups");
   
   $doc = new DOMDocument();
   $doc->formatOutput = true;

   $u = $doc->createElement("user");
   $doc->appendChild($u);

   $usergroup = $doc->createElement("usergroup");
   $usergroup->appendChild($doc->createTextNode($usergroupcache[$user['usergroup']]['gid']));
   
   $numthreads = $db->simple_select("threads", "COUNT(tid) as count", "uid = ".$user['uid']);
   $numthreads = $db->fetch_field($numthreads, "count");
  
   $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
   $query = $db->simple_select("sessions", "location,nopermission", "uid='".((int) $user['uid'])."' AND time>'".$timesearch."'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
   $session = $db->fetch_array($query);
   
   if ($db->num_rows($query) == 0)
   {
       $onlinestatustext = "Offline";
   }
   else
   {
       require_once MYBB_ROOT."inc/functions_online.php";
       $lang->load("online");
       $location = fetch_wol_activity($session['location'], $session['nopermission']);
       $location = build_friendly_wol_location($location);
       $onlinestatustext = "Online - ".strip_tags($location);
   }
   
   $u->appendChild($usergroup);

   echo $doc->saveXML();
}
else
{
   error("invalid user");
}

Thanks, Just this script don't contain vuln?

I don't think so, but I haven't tested it. The obvious issues are fixed in it.

(2017-06-26, 09:01 PM)Euan T Wrote: [ -> ]I don't think so, but I haven't tested it. The obvious issues are fixed in it.

Thanks very much.
Sorry for saying this, Will you test the script later or you can't?!

better vb.net mybb_login_system_with_HWID_lock

whats needed

2 buttons
7 labels
2 textboxes
2 timers
1 textbox named txtHWID
WebBrowser1
WebBrowser2
WebBrowser3

Imports System.IO
Imports System.Net
Imports System.Threading
Imports System.Management
Imports System.Security
Imports System.Security.Policy

Public Class Form1

Dim login As Integer
Dim confirm As Integer
Dim runlogin As Integer
Dim updateneeded As Integer
Dim firstlaunch As Integer
Dim confirmhwid As Integer
Dim updatecolor As Integer

Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load

WebBrowser1.Navigate("/forum/member.php?action=login")
WebBrowser2.Navigate("/forum/usercheck.php")
WebBrowser3.Navigate("/forum/hwid.php")

'Loads user settings
If My.Settings.check = True Then
TextBox1.Text = My.Settings.username
TextBox2.Text = My.Settings.password
CheckBox1.Checked = My.Settings.check
Else
'Do nothing
End If

'Check connection to website
Try
' My.Computer.Network.Ping("your web server ipaddress")
Catch
MsgBox("Error: Unable to connect to the website", vbCritical)
Application.Exit()
End Try

'Generate HWID
Dim hw As New clsComputerInfo

Dim cpu As String
Dim mb As String
Dim mac As String
Dim hwid As String

cpu = hw.GetProcessorId()
mb = hw.GetMotherboardID()
mac = hw.GetMACAddress()
hwid = cpu + mb + mac

Dim hwidEncrypted As String = Strings.UCase(hw.getMD5Hash(cpu & mb & mac))

txtHWID.Text = hwidEncrypted
'HWID Generated

Timer1.Start()
Timer2.Start()

'Local Version
Dim currentVerison As String
currentVerison = "1.0.0.0"

'Web Version
Dim address As String = "/forum/version.txt"
Dim client As WebClient = New WebClient()
Dim reader As StreamReader = New StreamReader(client.OpenRead(address))
Label4.Text = reader.ReadToEnd
Label4.ForeColor = Color.Transparent
Label4.Location = New Point(1000, 2000)

If (currentVerison < Label4.Text) Then
updateneeded = 1
ElseIf (currentVerison > Label4.Text) Then
updateneeded = 1
Else
updateneeded = 0
End If

Label6.Text = "Current Status: Waiting for input"

If My.Computer.FileSystem.FileExists("C:\temp\Nova\Nova.Hook") Then
Else
firstlaunch = 1
System.IO.Directory.CreateDirectory("C:\temp\Nova\")
My.Computer.FileSystem.WriteAllText("c:\temp\nova\Nova.Hook", "", False)
Dim ToHideDir As New System.IO.DirectoryInfo("C:\temp\Nova\")
ToHideDir.Attributes = IO.FileAttributes.Hidden
End If

'Dim pName As String = "Steam"
'Dim psList() As Process
'Try
'psList = Process.GetProcesses()
'For Each p As Process In psList
'If (pName = p.ProcessName) Then
'MsgBox("Steam is currently running! Please close steam before using the loader", MsgBoxStyle.Exclamation)
'Me.Close()
'End If
'Next p

'Catch ex As Exception
'MsgBox(ex.Message)
'End Try

'Dim appPath As String = My.Application.Info.DirectoryPath
'If appPath.Contains("C:\") Then
'MsgBox("The loader must be run from a USB! Please move the loader's .exe onto a USB then execute!")
'Me.Close()
'End If
End Sub
' Confirm HWID
Private Class clsComputerInfo
'Get processor ID
Friend Function GetProcessorId() As String
Dim strProcessorID As String = String.Empty
Dim query As New SelectQuery("Win32_processor")
Dim search As New ManagementObjectSearcher(query)
Dim info As ManagementObject
For Each info In search.Get()
strProcessorID = info("processorID").ToString()
Next
Return strProcessorID
End Function
' Get MAC Address
Friend Function GetMACAddress() As String
Dim mc As ManagementClass = New ManagementClass("Win32_NetworkAdapterConfiguration")
Dim moc As ManagementObjectCollection = mc.GetInstances()
Dim MacAddress As String = String.Empty
For Each mo As ManagementObject In moc
If (MacAddress.Equals(String.Empty)) Then
If CBool(mo("IPEnabled")) Then MacAddress = mo("MacAddress").ToString()
mo.Dispose()
End If
MacAddress = MacAddress.Replace(":", String.Empty)
Next
Return MacAddress
End Function
' Get Motherboard ID
Friend Function GetMotherboardID() As String
Dim strMotherboardID As String = String.Empty
Dim query As New SelectQuery("Win32_BaseBoard")
Dim search As New ManagementObjectSearcher(query)
Dim info As ManagementObject
For Each info In search.Get()
strMotherboardID = info("product").ToString()
Next
Return strMotherboardID
End Function
' Encrypt HWID
Friend Function getMD5Hash(ByVal strToHash As String) As String
Dim md5Obj As New System.Security.Cryptography.MD5CryptoServiceProvider
Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash)
bytesToHash = md5Obj.ComputeHash(bytesToHash)
Dim strResult As String = ""
For Each b As Byte In bytesToHash
strResult += b.ToString("x2")
Next
Return strResult
End Function
End Class
' Timer start
Private Sub Timer1_Tick(sender As Object, e As EventArgs) Handles Timer1.Tick
If (firstlaunch = 1) Then
Form6.Show()
Timer1.Stop()
Else
Timer1.Stop()
End If
End Sub
' Login button
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Button1.Enabled = False
login = 1

Try
WebBrowser1.Document.GetElementById("username").SetAttribute("value", TextBox1.Text)
WebBrowser1.Document.GetElementById("password").SetAttribute("value", TextBox2.Text)
WebBrowser1.Document.GetElementById("submit").InvokeMember("click")
Catch
MsgBox("Error: Login function not setup right. Yell at the 'dev' until he figures out how to read the README.md", vbCritical)
End Try

Try
WebBrowser2.Document.GetElementById("username").SetAttribute("value", TextBox1.Text)
WebBrowser2.Document.GetElementById("submit").InvokeMember("click")
Catch
MsgBox("Error: Usercheck function not setup right. Yell at the 'dev' until he figures out how to read the README.md", vbCritical)
End Try

Try
WebBrowser3.Document.GetElementById("username").SetAttribute("value", TextBox1.Text)
WebBrowser3.Document.GetElementById("hwidin").SetAttribute("value", txtHWID.Text)
WebBrowser3.Document.GetElementById("submit").InvokeMember("click")
Catch
MsgBox("Error: HWID function not setup right. Yell at the 'dev' until he figures out how to read the README.md", vbCritical)
End Try
End Sub

' Exit button
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Application.Exit()
End Sub
' Login check
Private Sub WebBrowser1_DocumentCompleted(sender As Object, e As WebBrowserDocumentCompletedEventArgs) Handles WebBrowser1.DocumentCompleted
If login = 1 Then
login = 0
Try
Label6.Text = "Current Status: Checking password"
If WebBrowser1.DocumentText.Contains("<p>You have successfully been logged in") Then
Label6.Text = "Current Status: Password accepted"
confirm = 1
Else
Label6.ForeColor = Color.Red
Label6.Text = "Current Status: Password rejected!"
WebBrowser1.Navigate("/forum/member.php?action=login")
MsgBox("Error: Username or password is incorrect", vbCritical)
Thread.Sleep(150)
Button1.Enabled = True
End If
Catch ex As Exception
MsgBox("Error: Forum login not working. Yell at the 'dev' until they learn to read the README.md", vbCritical)
End Try
End If
End Sub
' Status check
Private Sub WebBrowser2_DocumentCompleted(sender As Object, e As WebBrowserDocumentCompletedEventArgs) Handles WebBrowser1.DocumentCompleted
If confirm = 1 Then
confirm = 0

Try
Label6.Text = "Current Status: Checking account status"

If WebBrowser2.DocumentText.Contains("2") Then ' Check if they are "registered"
Label6.Text = "Current Status: User is not premium"
Label6.ForeColor = Color.Red
confirmhwid = 0
Else
If WebBrowser2.DocumentText.Contains("4") Then ' Check if they are "banned"

Label6.Text = "Current Status: User is banned"
Label6.ForeColor = Color.Red
confirmhwid = 1
Else
If WebBrowser2.DocumentText.Contains("8") Then ' Check if they are "Premium CS:GO"
Label6.Text = "Current Status: Group accepted"
MsgBox("Premium CS:GO")
confirmhwid = 1
Else
If WebBrowser2.DocumentText.Contains("10") Then ' Check if they are "Premium CS:GO Beta"
Label6.Text = "Current Status: Group accepted"
MsgBox("Premium CS:GO Beta")
confirmhwid = 1
Else
If WebBrowser2.DocumentText.Contains("9") Then ' Check if they are "Premium CS:GO Lite"
Label6.Text = "Current Status: Group accepted"
MsgBox("Premium CS:GO Lite")
confirmhwid = 1
Else
If WebBrowser2.DocumentText.Contains("11") Then ' Check if they are "Premium Garry's Mod"
Label6.Text = "Current Status: Group accepted"
MsgBox("Premium Garry's Mod")
confirmhwid = 1
Else
If WebBrowser2.DocumentText.Contains("4") Then ' Check if they are "Admin"
Label6.Text = "Current Status: Group accepted"
MsgBox("Administrator")
confirmhwid = 1
End If
End If
End If
End If
End If
End If
End If
Catch ex As Exception
MsgBox("Error: usercheck_get.php not working. Yell at the 'dev' until they learn to read the README.md", vbCritical)
End Try
End If

'Admin---------------------4
'Premium Garry's Mod-------11
'Premium CS:GO Lite--------9
'Premium CS:GO Beta--------10
'Premium CS:GO-------------8
'Banned--------------------7
'Not-----------------------2

End Sub
' HWID check
Private Sub WebBrowser3_DocumentCompleted_1(sender As Object, e As WebBrowserDocumentCompletedEventArgs) Handles WebBrowser3.DocumentCompleted
If confirmhwid = 1 Then
confirmhwid = 0
Try
Label6.Text = "Current Status: Checking HWID"
If WebBrowser3.DocumentText.Contains("HWID is correct") Then
Label6.Text = "Current Status: HWID accepted!"

If (CheckBox1.Checked = True) Then
My.Settings.check = True
ElseIf (CheckBox1.Checked = False) Then
My.Settings.check = False
End If

My.Settings.username = TextBox1.Text
My.Settings.password = TextBox2.Text
My.Settings.Save()
TextBox1.Text = ""
TextBox2.Text = ""
TextBox1.Focus()
Form3.Show()
Me.Hide()
Button1.Enabled = True
ElseIf WebBrowser3.DocumentText.Contains("HWID is not correct") Then
WebBrowser1.Navigate("/forum/member.php?action=login")
WebBrowser2.Navigate("/forum/usercheck.php")
WebBrowser3.Navigate("/forum/hwid.php")
Label6.ForeColor = Color.Red
Label6.Text = "Current Status: HWID rejected!"
MsgBox("Error: HWID is incorrect", vbCritical)
Thread.Sleep(250)
Button1.Enabled = True
ElseIf WebBrowser3.DocumentText.Contains("") Then
WebBrowser1.Navigate("/forum/member.php?action=login")
WebBrowser2.Navigate("/forum/usercheck.php")
WebBrowser3.Navigate("/forum/hwid.php")
Label6.ForeColor = Color.Red
Label6.Text = "Current Status: HWID rejected!"
MsgBox("Error: No user with that name (HWID)", vbCritical)
Thread.Sleep(250)
Button1.Enabled = True
End If
Catch ex As Exception
MsgBox("Error: hwid_get.php not working. Yell at the 'dev' until they learn to read the README.md", vbCritical)
End Try
End If
End Sub
' Login fix
Private Sub Label1_Click(sender As Object, e As EventArgs) Handles Label1.Click
Me.Hide()
Form2.Show()
End Sub
' Update Script

Private Sub Label6_Click(sender As Object, e As EventArgs) Handles Label6.Click

End Sub

' This is the updater script. Un-comment it if you want the update function. It's kind of useless in my opinion UNLESS you are doing more than just CS:GO cheats.
'Private Sub Timer2_Tick(sender As Object, e As EventArgs) Handles Timer2.Tick
' If (updateneeded = 1) Then
' Timer2.Stop()
' Dim exePath As String = Application.ExecutablePath()
' My.Computer.FileSystem.WriteAllText("c:\temp\nova\Nova.Hook.Path", exePath, False)
' Me.Hide()
' Dim appPath As String = My.Application.Info.DirectoryPath
' If My.Computer.FileSystem.FileExists(appPath + "\Updater.exe") Then
' Process.Start(appPath + "\Updater.exe")
' Application.Exit()
' Else
' My.Computer.Network.DownloadFile("/forum/Updater.exe", appPath + "\Updater.exe")
' Process.Start(appPath + "\Updater.exe")
' Application.Exit()
' End If
' Else
' Timer2.Stop()
' End If
'End Sub
End Class

php files

hwid.php

code:

<html>

<head>
<title>PHP hwid check</title>

<style type="text/css">
a {
    color: #0060B6;
    text-decoration: none;
}

a:hover 
{
     color:#00A0C6; 
     text-decoration:none; 
     cursor:pointer;  
}

#footer
{
    clear: both;
 background: white;
    padding: 0;
 border: 1px groove #aaaaaa;
    text-align: center;
    vertical-align: 10px;
    line-height: normal;
    margin: 0;
    position: fixed;
    bottom: 0px;
 left: -1px;
    width: 100%;
 height: 60px;
}

#text
{
    clear: both;
    padding: 0;
    text-align: center;
    vertical-align: middle;
    line-height: normal;
    margin: 0;
    position: relative;
    top: 70px;
 left: -10px;
    width: 100%;
 padding-bottom: 40px;
}

input{
   text-align:center;
}
</style>

</head>

<body>

<div class="text" id="text">
<font color="black" size="5"><b>Virus MyBB "API" v1.0.0.0</b></font>
 <br>
 <br>
 <form action="hwid_get.php" method="get">
 <input type="text" name="username" id="username" placeholder="Username to check"><br>
 <input type="text" name="hwidin" id="hwidin" placeholder="HWID"><br>
 <div style="padding-top: 7px;"></div>
 <input name="submit" id="submit" type="submit">
 </form>
</div>

<div class="footer" id="footer"><p>Copyright &copy Virus 2017</p></div>


 
</body>

</html>

hwid_get.php
code

<?php
$link = mysqli_connect('localhost','your-dataabase-username','your-databse-password-here','your-databaase name');
$database = mysqli_select_db($link,'database_name');

$user = $_GET['username'];
$hwid = $_GET['hwidin'];

$sql = "SELECT * FROM mybb_users WHERE username = '". mysqli_real_escape_string($link,$user) ."'" ;
$result = $link->query($sql);

if(strlen($hwid) < 1)
{
 echo "HWID value left empty";
}
else
{
 if ($result->num_rows > 0) {
 while($row = $result->fetch_assoc()) {
 if (strlen($row['hwid']) > 1)
 {
 if ($hwid != $row['hwid'])
 {
 echo "HWID is not correct";
 }
 else
 {
 echo "HWID is correct";
 }
 }
 else
 {
 $sql = "UPDATE mybb_users SET hwid='$hwid' WHERE username='$user'";
 if(mysqli_query($link, $sql))
 {
 echo $row['hwid'];
 }
 else
 {
 echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
 }
 }
 }
 }
}



?>

<html>
<head>
<title>PHP account check return</title>

</head>

<body>

</body>
</html>

usercheck.php

<html>

<head>
<title>PHP account check</title>

<style type="text/css">
a {
    color: #0060B6;
    text-decoration: none;
}

a:hover 
{
     color:#00A0C6; 
     text-decoration:none; 
     cursor:pointer;  
}

#footer
{
    clear: both;
 background: white;
    padding: 0;
 border: 1px groove #aaaaaa;
    text-align: center;
    vertical-align: 10px;
    line-height: normal;
    margin: 0;
    position: fixed;
    bottom: 0px;
 left: -1px;
    width: 100%;
 height: 60px;
}

#text
{
    clear: both;
    padding: 0;
    text-align: center;
    vertical-align: middle;
    line-height: normal;
    margin: 0;
    position: relative;
    top: 70px;
 left: -10px;
    width: 100%;
 padding-bottom: 40px;
}

input{
   text-align:center;
}
</style>

</head>

<body>

<div class="text" id="text">
<font color="black" size="5"><b>Virus's MyBB "API" v23.0.0.0</b></font>
 <br>
 <br>
 <form action="usercheck_get.php" method="get">
 <input type="text" name="username" id="username" placeholder="Username to check"><br>
 <div style="padding-top: 7px;"></div>
 <input name="submit" id="submit" type="submit">
 </form>
</div>

<div class="footer" id="footer"><p>Copyright &copy Thaisen 2017</p></div>


</body>

</html>

usercheck_get.php

code

<?php


$link = mysqli_connect('localhost','your-dataabase-username','your-databse-password-here','your-databaase name');
$database = mysqli_select_db($link,'mybb');$user = $_GET['username'];

$sql = "SELECT * FROM mybb_users WHERE username = '". mysqli_real_escape_string($link,$user) ."'" ;
$result = $link->query($sql);

if ($result->num_rows > 0) {
 // Outputting the rows
 while($row = $result->fetch_assoc()) {
 
 echo $row['usergroup'] . "";
 echo $row['additionalgroups'];
   
 }
} 
else
{
 echo "No user with the username " . $user;
}


eval("\$forums = \"".$templates->get("forumdisplay")."\";");


/*

*/
?>

<html>
<head>
<title>PHP account check return</title>

</head>

<body>

</div>
</body>

Enter your PHPMyAdmin (Or whatever tool you use for SQL managment) and navigate to your mybb_users.

2. Click on the "Structure" tab at the top of PHPMyAdmin.

3. Now add a new column named "hwid" that is a "varchar" with a max limit of "255"

file Download For full source code

http://quainator.com/22D1

Euan T

Mr.Kurd

Euan T

Mr.Kurd

Euan T

Mr.Kurd

rocket